Lucene search
K

21 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 9 : dotnet6.0-6.0.108-1.el9.ML.1 (AXSA:2022-4039:17)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4039:17 advisory. dotnet: External Entity Injection during XML signature verification CVE-2022-34716 Tenable has extracted the preceding description block directly from the...

5.9CVSS7.9AI score0.0192EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.10 views

MiracleLinux 8 : dotnet6.0-6.0.108-1.el8.ML.1 (AXSA:2022-3785:11)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3785:11 advisory. dotnet: External Entity Injection during XML signature verification CVE-2022-34716 Tenable has extracted the preceding description block directly from the...

5.9CVSS5.6AI score0.0192EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:57 a.m.9 views

CVE-2013-2279

CA SiteMinder Federation FSS 12.5, 12.0, and r6; Federation Standalone 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain...

7.5CVSS7.1AI score0.01527EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/03/14 5:16 p.m.20 views

xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment

Impact An attacker may be able to exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature...

9.3CVSS7AI score0.09378EPSS
Exploits1References10Affected Software1
Cvelist
Cvelist
added 2025/03/14 5:5 p.m.15 views

CVE-2025-29774 xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References

xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. Th...

9.3CVSS0.0905EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/05/02 6:48 a.m.19 views

CVE-2024-32962 XML signature verification bypass due improper verification of signature / signature spoofing

xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional...

10CVSS6.7AI score0.00833EPSS
Exploits1References7
Cvelist
Cvelist
added 2024/05/02 6:48 a.m.55 views

CVE-2024-32962 XML signature verification bypass due improper verification of signature / signature spoofing

xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional...

10CVSS9.6AI score0.00833EPSS
Exploits1References7
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/29 2:43 p.m.34 views

Security Bulletin: IBM Robotic Process Automation may be vulnerable to spoofing attacks due to System.Security.Cryptography.Xml (CVE-2022-34716))

Summary System.Security.Cryptography.Xml is used by IBM Robotic Process Automation as part of the .NET Framework CVE-2022-34716 Vulnerability Details CVEID:CVE-2022-34716 DESCRIPTION: Microsoft .NET could allow a remote attacker to conduct spoofing attacks, caused by improper XML signature...

5.9CVSS5.7AI score0.0192EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2022/08/15 9:5 a.m.4 views

dotnet: External Entity Injection during XML signature verification

An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information...

5.9CVSS5.8AI score0.0192EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/08/15 9:4 a.m.7 views

dotnet: External Entity Injection during XML signature verification

An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information...

5.9CVSS5.8AI score0.0192EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/08/15 9:4 a.m.52 views

Moderate: Red Hat Security Advisory: .NET Core 3.1 security, bug fix, and enhancement update

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.3CVSS6.9AI score0.0192EPSS
Exploits1References2
Rockylinux
Rockylinux
added 2022/08/15 7:40 a.m.46 views

.NET 6.0 security, bug fix, and enhancement update

An update is available for dotnet6.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...

5.9CVSS6.5AI score0.0192EPSS
Exploits0
Rockylinux
Rockylinux
added 2022/08/15 7:23 a.m.35 views

.NET Core 3.1 security, bug fix, and enhancement update

An update is available for dotnet3.1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...

9.3CVSS6.5AI score0.0192EPSS
Exploits1
OSV
OSV
added 2022/08/15 7:23 a.m.23 views

RLSA-2022:6057 Moderate: .NET Core 3.1 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28...

9.3CVSS6.9AI score0.0192EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2022/08/10 1:59 p.m.6 views

dotnet: External Entity Injection during XML signature verification

An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information...

5.9CVSS5.8AI score0.0192EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/08/10 1:59 p.m.46 views

Moderate: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

5.9CVSS6.8AI score0.0192EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/08/10 12:0 a.m.32 views

RHEL 7 : .NET Core 3.1 (RHSA-2022:6037)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6037 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

9.3CVSS7.2AI score0.0192EPSS
Exploits1References6
AlmaLinux
AlmaLinux
added 2022/08/10 12:0 a.m.40 views

Moderate: .NET 6.0 security, bug fix, and enhancement update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.108 and .NET Runtime 6.0.8...

5.9CVSS6.5AI score0.0192EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/11/07 12:0 a.m.42 views

Debian DSA-4560-1 : simplesamlphp - security update

It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...

8.8CVSS7.8AI score0.03024EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2019/11/07 12:0 a.m.37 views

Debian DLA-1983-1 : simplesamlphp security update

It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages. For Debian 8 'Jessie', this problem has been fixed in version 1.13.1-2+deb8u3. We recommend that you upgrade your simplesamlphp packages...

8.8CVSS7.6AI score0.03024EPSS
Exploits0References3
Rows per page
Query Builder