75 matches found
EUVD-2009-2026
Malware in sbrugna...
EUVD-2009-1174
Malware in sbrugna...
EUVD-2013-2118
Malware in sbrugna...
EUVD-2007-3700
Malware in sbrugna...
EUVD-2010-4441
Malware in sbrugna...
EUVD-2025-7891
Malicious code in bioql PyPI...
EUVD-2025-7890
Malicious code in bioql PyPI...
CVE-2025-29775
A flaw was found in the xml-crypto library for Node.js. An attacker can exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto to verify signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a...
CVE-2025-29774
A flaw was found in the xml-crypto library for Node.js. An attacker can exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto to verify signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a...
CVE-2025-29775
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. Th...
PT-2024-25994 · Apache · Apache Xml Security For C++
Name of the Vulnerable Software and Affected Versions: Apache XML Security for C++ versions 2.0.4 and earlier Description: The issue is related to the implementation of the XML Signature Syntax and Processing XMLDsig specification, which lacks protection against an SSRF payload in a KeyInfo...
GHSA-FJR2-R2MP-484P Duplicate Advisory: SimpleSAMLphp signature validation bypass
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j4qf-3w33-8cgc. This link is maintained to preserve external references. Original Description Background SAML messages are usually signed to prove the identity of the issuer of the message. In the case of SAML...
Duplicate Advisory: SimpleSAMLphp signature validation bypass
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j4qf-3w33-8cgc. This link is maintained to preserve external references. Original Description Background SAML messages are usually signed to prove the identity of the issuer of the message. In the case of SAML...
EUVD-2024-1373
xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional...
CVE-2024-32962 XML signature verification bypass due improper verification of signature / signature spoofing
xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional...
SUSE CVE-2010-4472
Unspecified vulnerability in the Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011...
[SECURITY] Fedora 37 Update: xmlsec1-1.2.34-4.fc37
XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption"...
[SECURITY] Fedora 36 Update: xmlsec1-1.2.33-3.fc36
XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption"...
Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2020-2773)
Summary Two XML Digital Signature APIs implemented in the XMLDSigRI provider throw unexpected Exception types. An attacker could exploit this to inflict a DoS. The fix ensures that all Exceptions thrown from these APIs are wrapped in instances of javax.xml.crypto.MarshalException. Vulnerability...
Security Bulletin: CVE-2020-2773 (deferred from Oracle Apr 2020 CPU)
Summary Two XML Digital Signature APIs implemented in the XMLDSigRI provider throw unexpected Exception types. An attacker could exploit this to inflict a DoS. The fix ensures that all Exceptions thrown from these APIs are wrapped in instances of javax.xml.crypto.MarshalException. Vulnerability...