
190 matches found

OSV | added 2011/05/03 12:55 a.m. | 2 views

DEBIAN-CVE-2010-4803

Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors...

CVSS 10 | AI score 7.1 | EPSS 0.02029
Exploits 0 | References 1
RedHat Linux | added 2010/12/08 7:7 p.m. | 2 views

kernel: sctp memory corruption in HMAC handling

The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array...

CVSS 8.3 | AI score 5.9 | EPSS 0.02024
Exploits 0 | References 4
RedHat Linux | added 2010/11/10 7:0 p.m. | 2 views

kernel: sctp memory corruption in HMAC handling

The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array...

CVSS 8.3 | AI score 5.9 | EPSS 0.02024
Exploits 0 | References 4
RedHat Linux | added 2010/01/14 4:32 p.m. | 4 views

xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...

CVSS 5 | AI score 7.3 | EPSS 0.06348
Exploits 0 | References 4
RedHat Linux | added 2009/12/10 12:3 a.m. | 4 views

xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...

CVSS 5 | AI score 7.3 | EPSS 0.06348
Exploits 0 | References 4
RedHat Linux | added 2009/12/09 11:32 p.m. | 4 views

xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...

CVSS 5 | AI score 7.3 | EPSS 0.06348
Exploits 0 | References 4
RedHat Linux | added 2009/12/08 7:9 p.m. | 1 views

OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)

The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

CVSS 5 | AI score 5.9 | EPSS 0.03107
Exploits 1 | References 4
OSV | added 2009/07/14 11:30 p.m. | 2 views

DEBIAN-CVE-2009-0217

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...

CVSS 5 | AI score 6.8 | EPSS 0.06348
Exploits 0 | References 1
CVE | added 2008/09/26 4:0 p.m. | 48 views

CVE-2008-3637

The CVE-2008-3637 issue affects Java for Mac OS X on 10.4.11, 10.5.4, and 10.5.5, where the HMAC provider uses an uninitialized variable, enabling remote code execution via a crafted Java applet. OpenVAS/Nessus references show that Java for Mac OS X 10.5 Update 2 (and related 10.4 Release 7/10.5 ...

CVSS 9.3 | AI score 8.6 | EPSS 0.05732
Exploits 1 | References 8 | Affected Software 2
OSV | added 2006/12/31 5:0 a.m. | 3 views

DEBIAN-CVE-2006-6858

Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client...

CVSS 6.8 | AI score 7.1 | EPSS 0.01153
Exploits 0 | References 1