GLSA-200912-02 : Ruby on Rails: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200912-02 Ruby on Rails: Multiple vulnerabilities The following vulnerabilities were discovered: sameer reported that lib/actioncontroller/cgiprocess.rb removes the :cookieonly attribute from the default session options...

Mandriva Security Advisory MDVSA-2009:318 (xmlsec1)

The remote host is missing an update to xmlsec1 announced via advisory MDVSA-2009:318. OpenVAS Vulnerability Test $Id: mdksa2009318.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:318 xmlsec1 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...

Mandriva Security Advisory MDVSA-2009:322 (mono)

The remote host is missing an update to mono announced via advisory MDVSA-2009:322. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

Mandriva Security Advisory MDVSA-2009:318 (xmlsec1)

The remote host is missing an update to xmlsec1 announced via advisory MDVSA-2009:318. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

Mandriva Security Advisory MDVSA-2009:322 (mono)

The remote host is missing an update to mono announced via advisory MDVSA-2009:322. OpenVAS Vulnerability Test $Id: mdksa2009322.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:322 mono Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...

OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

Mandriva Linux Security Advisory : mono (MDVSA-2009:322)

Multiple vulnerabilities has been found and corrected in mono : IOActive Inc. found a buffer overflow in Mono.Math.BigInteger class in Mono 1.2.5.1 and previous versions, which allows arbitrary code execution by context-dependent attackers CVE-2007-5197. Multiple cross-site scripting XSS...

Ubuntu 8.10 / 9.04 / 9.10 : openjdk-6 vulnerabilities (USN-859-1)

Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation in...

Sun Java JDK/JRE Multiple Vulnerabilities (Nov 2009) - Windows

Sun Java JDK/JRE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

Authentication flaw

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

CVE-2009-3875

CVE-2009-3875 : The Java Runtime Environment (JRE) in Sun/Oracle Java SE has a timing-attack flaw in the HMAC digest verification that could allow forged signatures and potentially bypass authentication. Affected products include JDK/JRE 5.0 before Update 22, JDK/JRE 6 before Update 17, and older...

CVE-2009-3875

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

Mandrake Security Advisory MDVSA-2009:268 (mono)

The remote host is missing an update to mono announced via advisory MDVSA-2009:268. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

Mandrake Security Advisory MDVSA-2009:269 (mono)

The remote host is missing an update to mono announced via advisory MDVSA-2009:269. OpenVAS Vulnerability Test $Id: mdksa2009269.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:269 mono Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Mandrake Security Advisory MDVSA-2009:268 (mono)

The remote host is missing an update to mono announced via advisory MDVSA-2009:268. OpenVAS Vulnerability Test $Id: mdksa2009268.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:268 mono Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Mandrake Security Advisory MDVSA-2009:269 (mono)

The remote host is missing an update to mono announced via advisory MDVSA-2009:269. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

Mandriva Linux Security Advisory : mono (MDVSA-2009:268)

Multiple vulnerabilities has been found and corrected in mono : Multiple cross-site scripting XSS vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to 1 HtmlControl.cs...

openSUSE 10 Security Update : bytefx-data-mysql (bytefx-data-mysql-6365)

The XML signature checker did not impose limits on the minimum length of HMAC signatures in XML documents. Attackers could therefore specify a length of e.g. 1 to make the signature appear valid and therefore effectively bypass verification of XML documents. %NASLMINLEVEL 70300 C Tenable Network...