Lucene search
K

438 matches found

Cent OS
Cent OS
added 2011/05/05 3:26 a.m.69 views

xmlsec1 security update

CentOS Errata and Security Advisory CESA-2011:0486 Updated xmlsec1 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring...

5.1CVSS5.9AI score0.08057EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2011/05/05 12:0 a.m.48 views

RHEL 4 / 5 : xmlsec1 (RHSA-2011:0486)

The remote Redhat Enterprise Linux 4 / 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0486 advisory. The XML Security Library is a C library based on libxml2 and OpenSSL that implements the XML Digital Signature and XML Encryption standards. A fl...

5.1CVSS5.9AI score0.08057EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2011/04/19 12:0 a.m.41 views

Debian DSA-2219-1 : xmlsec1 - arbitrary file overwrite

Nicolas Gregoire discovered that the XML Security Library xmlsec allowed remote attackers to create or overwrite arbitrary files through specially crafted XML files using the libxslt output extension and a ds:Transform element during signature verification. %NASLMINLEVEL 70300 C Tenable Network...

5.1CVSS5.6AI score0.08057EPSS
Exploits0References4
Debian
Debian
added 2011/04/18 9:2 p.m.33 views

[SECURITY] [DSA 2219-1] xmlsec1 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2219-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst April 18, 2011 http://www.debian.org/security/faq -...

5.1CVSS5.8AI score0.08057EPSS
Exploits0
NVD
NVD
added 2011/04/04 12:27 p.m.18 views

CVE-2011-1425

xslt.c in XML Security Library aka xmlsec before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification...

5.1CVSS6.4AI score0.08057EPSS
Exploits0References19
OSV
OSV
added 2011/04/04 12:27 p.m.1 views

DEBIAN-CVE-2011-1425

xslt.c in XML Security Library aka xmlsec before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification...

5.1CVSS6.7AI score0.08057EPSS
Exploits0References1
OSV
OSV
added 2011/04/04 12:27 p.m.8 views

CVE-2011-1425

xslt.c in XML Security Library aka xmlsec before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification...

6.4AI score
Exploits0References19
UbuntuCve
UbuntuCve
added 2011/04/04 12:27 p.m.30 views

CVE-2011-1425

xslt.c in XML Security Library aka xmlsec before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification...

5.1CVSS6AI score0.08057EPSS
Exploits0References1
Prion
Prion
added 2011/04/04 12:27 p.m.22 views

Code injection

xslt.c in XML Security Library aka xmlsec before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification...

5.1CVSS6.8AI score0.08057EPSS
Exploits0References19Affected Software1
Cvelist
Cvelist
added 2011/04/03 1:0 a.m.22 views

CVE-2011-1425

xslt.c in XML Security Library aka xmlsec before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification...

7AI score0.08057EPSS
Exploits0References19
CVE
CVE
added 2011/04/03 1:0 a.m.86 views

CVE-2011-1425

XML Security Library (xmlsec) prior to 1.2.17 with XSLT enabled is vulnerable: during signature verification, using the libxslt output extension and a ds:Transform element can cause an attacker to create or overwrite arbitrary files. This is triggered by the XSLT processing path and affects produ...

5.1CVSS7.6AI score0.08057EPSS
Exploits0References19Affected Software2
Debian CVE
Debian CVE
added 2011/04/03 1:0 a.m.27 views

CVE-2011-1425

xslt.c in XML Security Library aka xmlsec before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification...

5.1CVSS5.3AI score0.08057EPSS
Exploits0
OSV
OSV
added 2010/11/17 4:0 p.m.0 views

DEBIAN-CVE-2010-3864

Multiple race conditions in ssl/t1lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to 1 the T...

7.6CVSS8.5AI score0.22145EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2010/10/19 11:6 p.m.3 views

NSS: insecure Diffie-Hellman key exchange

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral DHE mode, which makes it easier for remote attackers to defeat...

7.5CVSS7.4AI score0.02408EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2009/12/10 12:3 a.m.4 views

xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...

5CVSS7.3AI score0.06348EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2009/12/09 11:14 p.m.4 views

xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...

5CVSS7.3AI score0.06348EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2009/09/23 12:0 a.m.12 views

Solaris Update for GNU Transport Layer Security Library 123939-02

Check for the Version of GNU Transport Layer Security Library OpenVAS Vulnerability Test Solaris Update for GNU Transport Layer Security Library 123939-02 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; y...

4.3CVSS0.2AI score0.01882EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2009/09/23 12:0 a.m.28 views

Solaris Update for GNU Transport Layer Security Library 123939-02

Check for the Version of GNU Transport Layer Security Library OpenVAS Vulnerability Test Solaris Update for GNU Transport Layer Security Library 123939-02 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; y...

4.3CVSS0.3AI score0.01882EPSS
Exploits1References2
Cent OS
Cent OS
added 2009/09/09 12:48 a.m.150 views

xmlsec1 security update

CentOS Errata and Security Advisory CESA-2009:1428 Updated xmlsec1 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The XML Security Library is a C...

5CVSS6.8AI score0.06348EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2009/09/09 12:0 a.m.45 views

RedHat Security Advisory RHSA-2009:1428

The remote host is missing updates announced in advisory RHSA-2009:1428. The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. HMAC is used for message authentication using...

5CVSS7.5AI score0.06348EPSS
Exploits0References4
Rows per page
Query Builder