Lucene search
K

72 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2009-0217

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools...

5CVSS7.2AI score0.06348EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.4 views

SUSE CVE-2009-0217

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...

5CVSS6.9AI score0.06348EPSS
Exploits0References13
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 4:39 a.m.43 views

Security Bulletin: A vulnerability in Apache XML Security for Java affects IBM Tivoli Business Service Manager (CVE-2013-4517, CVE-2013-2172, CVE-2009-0217, CVE-2021-40690)

Summary Apache XML Security for Java is shipped with IBM Tivoli Business Manager 6.2.0 as part of its XML security infrastructure. Information about security vulnerabilities affecting Apache XML Security for Javahas been published in a security bulletin. Vulnerability Details CVEID:CVE-2013-4517...

7.5CVSS7.3AI score0.10448EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/03/12 12:0 a.m.57 views

Solaris 10 (sparc) : 125136-75

JavaSE 6: update 75 patch equivalent to JDK 6u75. Date this patch was last updated by Sun : Apr/14/14 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; ...

10CVSS6.8AI score0.3038EPSS
Exploits4References11
Tenable Nessus
Tenable Nessus
added 2018/03/12 12:0 a.m.27 views

Solaris 10 (x86) : 141710-03

Sun GlassFish Enterprise Server v2.1.1 Security Patch01, x86: SVR. Date this patch was last updated by Sun : Jan/08/10 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...

5CVSS7.8AI score0.06348EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/03/12 12:0 a.m.54 views

Solaris 10 (sparc) : 128640-30

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful...

9.8CVSS7AI score0.87264EPSS
Exploits22References6
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.13 views

Microsoft XML Signature HMAC Truncation Bypass (MS10-041) - Ver2 (CVE-2009-0217)

The Microsoft .NET Framework is a component of the Microsoft Windows operating system that enables building and running software applications and Web services. A tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without...

5CVSS1.8AI score0.06348EPSS
Exploits0
Prion
Prion
added 2013/08/20 10:55 p.m.16 views

Design/Logic Flaw

Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the 1...

5.8CVSS7AI score0.06348EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2013/08/20 10:0 p.m.49 views

CVE-2013-2155

Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the 1...

5.8CVSS5.9AI score0.05805EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.54 views

Oracle Linux 5 : xmlsec1 (ELSA-2009-1428)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2009-1428 advisory. - Fix a security issue on short hmac lenght CVE-2009-0217 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

5CVSS7.5AI score0.06348EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.44 views

Scientific Linux Security Update : xmlsec1 on SL4.x, SL5.x i386/x86_64

CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.: XMLDsig HMAC-based signatures spoofing and authentication bypass A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1. An attacker could use this flaw t...

5CVSS7.4AI score0.06348EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.41 views

CentOS Update for xmlsec1 CESA-2009:1428 centos4 i386

Check for the Version of xmlsec1 OpenVAS Vulnerability Test CentOS Update for xmlsec1 CESA-2009:1428 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

5CVSS7.5AI score0.06348EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.38 views

CentOS Update for java CESA-2009:1201 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5CVSS6.3AI score0.06348EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.28 views

CentOS Update for xmlsec1 CESA-2009:1428 centos4 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5CVSS7.7AI score0.06348EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2010/06/09 12:0 a.m.61 views

MS10-041: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)

A data tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without being detected. In custom applications, the security impact depends on the specific usage scenario. Scenarios in which signed XML messages are transmitted...

5CVSS7.5AI score0.06348EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2010/06/09 12:0 a.m.248 views

Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)

This host is missing a critical security update according to Microsoft Bulletin MS10-041. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

5CVSS7.5AI score0.06348EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2010/03/17 12:0 a.m.62 views

openSUSE Security Update : OpenOffice_org-base-drivers-postgresql (OpenOffice_org-base-drivers-postgresql-1980)

This update of OpenOfficeorg includes fixes for the following vulnerabilities : - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word...

9.3CVSS7.3AI score0.14092EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2010/03/17 12:0 a.m.35 views

openSUSE Security Update : OpenOffice_org (OpenOffice_org-1979)

This update of OpenOfficeorg includes fixes for the following vulnerabilities : - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word...

9.3CVSS7.3AI score0.14092EPSS
Exploits1References10
OpenVAS
OpenVAS
added 2010/03/16 12:0 a.m.50 views

FreeBSD Ports: openoffice.org

The remote host is missing an update to the system as announced in the referenced advisory. VID c97d7a37-2233-11df-96dd-001b2134ef46 OpenVAS Vulnerability Test $ Description: Auto generated from VID c97d7a37-2233-11df-96dd-001b2134ef46 Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...

9.3CVSS7.6AI score0.43389EPSS
Exploits2
OpenVAS
OpenVAS
added 2010/03/16 12:0 a.m.30 views

FreeBSD Ports: openoffice.org

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3CVSS7.5AI score0.43389EPSS
Exploits2References8
Rows per page
Query Builder