21 matches found
MiracleLinux 9 : dotnet6.0-6.0.108-1.el9.ML.1 (AXSA:2022-4039:17)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4039:17 advisory. dotnet: External Entity Injection during XML signature verification CVE-2022-34716 Tenable has extracted the preceding description block directly from the...
MiracleLinux 8 : dotnet6.0-6.0.108-1.el8.ML.1 (AXSA:2022-3785:11)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3785:11 advisory. dotnet: External Entity Injection during XML signature verification CVE-2022-34716 Tenable has extracted the preceding description block directly from the...
CVE-2013-2279
CA SiteMinder Federation FSS 12.5, 12.0, and r6; Federation Standalone 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain...
xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment
Impact An attacker may be able to exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature...
CVE-2025-29774 xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. Th...
CVE-2024-32962 XML signature verification bypass due improper verification of signature / signature spoofing
xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional...
CVE-2024-32962 XML signature verification bypass due improper verification of signature / signature spoofing
xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional...
Security Bulletin: IBM Robotic Process Automation may be vulnerable to spoofing attacks due to System.Security.Cryptography.Xml (CVE-2022-34716))
Summary System.Security.Cryptography.Xml is used by IBM Robotic Process Automation as part of the .NET Framework CVE-2022-34716 Vulnerability Details CVEID:CVE-2022-34716 DESCRIPTION: Microsoft .NET could allow a remote attacker to conduct spoofing attacks, caused by improper XML signature...
dotnet: External Entity Injection during XML signature verification
An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information...
dotnet: External Entity Injection during XML signature verification
An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information...
Moderate: Red Hat Security Advisory: .NET Core 3.1 security, bug fix, and enhancement update
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
.NET 6.0 security, bug fix, and enhancement update
An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...
.NET Core 3.1 security, bug fix, and enhancement update
An update is available for dotnet3.1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...
RLSA-2022:6057 Moderate: .NET Core 3.1 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28...
dotnet: External Entity Injection during XML signature verification
An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information...
Moderate: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
RHEL 7 : .NET Core 3.1 (RHSA-2022:6037)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6037 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
Moderate: .NET 6.0 security, bug fix, and enhancement update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.108 and .NET Runtime 6.0.8...
Debian DSA-4560-1 : simplesamlphp - security update
It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
Debian DLA-1983-1 : simplesamlphp security update
It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages. For Debian 8 'Jessie', this problem has been fixed in version 1.13.1-2+deb8u3. We recommend that you upgrade your simplesamlphp packages...