56 matches found
USN-6274-1 xmltooling vulnerability
Jurien de Jong discovered that XMLTooling did not properly handle certain KeyInfo element content within an XML signature. An attacker could possibly use this issue to achieve server-side request forgery...
Ubuntu 16.04 ESM : XMLTooling vulnerability (USN-6274-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6274-1 advisory. Jurien de Jong discovered that XMLTooling did not properly handle certain KeyInfo element content within an XML signature. An attacker could possibly use this iss...
openSUSE 15 Security Update : xmltooling (SUSE-SU-2023:2766-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2766-1 advisory. - Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for...
SUSE CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
DEBIAN-CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
Server-side request forgery (SSRF)
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
UBUNTU-CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
Shibboleth code issue vulnerability
Shibboleth is an open source SAML protocol web single sign-on system for Windows-based platforms from Shibboleth, UK. A security vulnerability exists in Shibboleth XMLTooling prior to version 3.2.4, which is caused by server-side request forgery (SSRF) via a specially crafted KeyInfo element...
CVE-2023-36661
CVE-2023-36661 affects Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider. The underlying issue is a server-side request forgery (SSRF) via a crafted KeyInfo element in XML signatures. This yields unauthenticated SSRF risk with impact on availability (per CVE ...
CVE-2023-36661
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...
[SECURITY] [DLA 3464-1] xmltooling security update
Debian LTS Advisory DLA-3464-1 https://www.debian.org/lts/security/ Santiago Ruano Rincón June 21, 2023 https://wiki.debian.org/LTS Package: xmltooling Version: 3.0.4-1+deb10u2 Debian Bug: 1037948 CVE ID: not yet available Jurien de Jong discovered that the parsing...
Debian: Security Advisory (DSA-5432-1)
The remote host is missing an update for the Debian...
[SECURITY] [DSA 5432-1] xmltooling security update
Debian Security Advisory DSA-5432-1 https://www.debian.org/security/ Moritz Muehlenhoff June 18, 2023 https://www.debian.org/security/faq ...
libreoffice: Incorrect trust validation of signature with ambiguous KeyInfo children
An improper certificate validation flaw was found in LibreOffice allowing an attacker to manipulate a digitally signed ODF document to appear that no alteration of the document occurred since the last signing and that the signature is valid...
RHEL 8 : libreoffice (RHSA-2022:7461)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7461 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a...
Input validation
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to...
libreoffice trust management issue vulnerability (CNVD-2022-55626)
LibreOffice is an open source office software suite from The Document Foundation (TDF). The product includes applications such as Writer text documents, Calc spreadsheets and Impress presentations. A trust management issue vulnerability exists in libreoffice, which stems from libreoffice: signature...
LibreOffice trust management issue vulnerability
LibreOffice is an open source office software suite from The Document Foundation (TDF). The product includes applications such as Writer text documents, Calc spreadsheets and Impress presentations. A trust management issue vulnerability exists in libreoffice, which stems from libreoffice: signature...