15 matches found
Exploit for Improper Verification of Cryptographic Signature in Pysaml2_Project Pysaml2
CVE-2021-21239 This is a PoC script to exploit the xmlsec vu...
EUVD-2017-1381
Malware in sbrugna...
ai.wavemaker.runtime:wavemaker-app-runtime-core (>=1.0.0-20260516144515 <=1.0.0.ee-20260516142404), au.gov.nehta:clinical-document-packaging-library (=1.2.5) +2200 more potentially affected by CVE-2023-44483 via org.apache.santuario:xmlsec (>=1.4.2 <=2.2.4)
org.apache.santuario:xmlsec MAVEN version =1.4.2, =1.0.0-20260516144515, =1.1.1, =1.6.1, =1.1.7, =1.1.9, =1.2.5, =1.2.1, =1.3.5, =1.3.7 and more Source cves: CVE-2023-44483 Source advisory: OSV:GHSA-XFRJ-6VVC-3XM2...
SUSE CVE-2017-1000061
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service...
com.fluxcorp.plugins:webservice-trigger (=1.0.4), com.googlecode.xades4j:xades4j (=1.3.1) +206 more potentially affected by CVE-2013-5823 via org.apache.santuario:xmlsec (>=1.5.1 <=1.5.2)
org.apache.santuario:xmlsec MAVEN version =1.5.1, =1.6.0-p41, =1.0.0, =0.16, =0.16, =2.8.6, =2.10.0, =1.0.1, =1.0.1, =1.0.1, =1.0.2 - org.apache.cxf.fediz.examples:simpleWebapp =1.0.0 and more Source cves: CVE-2013-5823 Source advisory: OSV:GHSA-8GWC-X7MG-7P7P...
br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0), br.com.esec.icpm:certillion-client-library-resteasy-plugin (>=1.1.9 <=1.1.10) +294 more potentially affected by CVE-2013-2172 via org.apache.santuario:xmlsec (>=1.5.1 <=1.5.4)
org.apache.santuario:xmlsec MAVEN version =1.5.1, =1.1.7, =1.1.9, =1.2.5, =1.2.6 - com.fluxcorp.plugins:webservice-trigger =1.0.4 - com.googlecode.xades4j:xades4j =1.3.1 - com.sitewhere:sitewhere-core =0.9.7 - com.sitewhere:sitewhere-gnuhealth =0.9.7 - com.sitewhere:sitewhere-hbase =0.9.7 -...
br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0), br.com.esec.icpm:certillion-client-library-resteasy-plugin (>=1.1.9 <=1.1.10) +701 more potentially affected by CVE-2013-4517 via org.apache.santuario:xmlsec (>=1.4.2 <=1.5.5)
org.apache.santuario:xmlsec MAVEN version =1.4.2, =1.1.7, =1.1.9, =1.2.5, =1.2.1, =0.1.14, =12.1.0, =12.1.1, =12.1.2, =12.1.0, =12.1.4, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.0.112-RELEASE and more Source cves: CVE-2013-4517 Source advisory: OSV:GHSA-4P4W-6H54-G885...
ai.wavemaker.runtime:wavemaker-app-runtime-core (>=1.0.0-20260516144515 <=1.0.0.ee-20260516142404), br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0) +1742 more potentially affected by CVE-2021-40690 via org.apache.santuario:xmlsec (>=1.4.2 <=2.1.6)
org.apache.santuario:xmlsec MAVEN version =1.4.2, =1.0.0-20260516144515, =1.1.7, =1.1.9, =1.2.5, =1.2.1, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0, =0.1.14, =12.1.0, =16.0.4 and more Source cves: CVE-2021-40690 Source advisory: OSV:GHSA-J8WC-GXX9-82HX https://vuln...
au.gov.nehta:clinical-document-packaging-library (=1.2.5), au.gov.nehta:common-library (>=1.1.1 <=1.2.1) +554 more potentially affected by CVE-2021-40690 via org.apache.santuario:xmlsec (>=2.2.0 <=2.2.2)
org.apache.santuario:xmlsec MAVEN version =2.2.0, =1.1.1, =1.6.1, =1.3.5, =1.1.0, =2021.8.0, =4.20.0, =5.6.2 - cn.lindianyu:ldy-component =1.0.1 and more Source cves: CVE-2021-40690 Source advisory: OSV:GHSA-J8WC-GXX9-82HX...
Arbitrary Code Injection
xmlsec is vulnerable to arbitrary code injection. An attacker is able to inject arbitrary code via the caching mechanism that was introduced to speed up the creation of new XML documents...
xmlsec XML External Entity Injection Vulnerability
xmlsec is a C-based library for implementing XML security standards. An XML external entity injection vulnerability exists in xmlsec 1.2.23 and earlier versions. An attacker could exploit this vulnerability to obtain information or cause a denial of service with the help of a specially crafted...
CVE-2017-1000061
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service...
CVE-2017-1000061
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service...
A vulnerability in the CentOS operating system allows a malicious attacker to compromise the confidentiality, integrity, and availability of protected information.
A vulnerability in the xmlsec1-1.2.9 package for the CentOS operating system can lead to violations of the confidentiality, integrity, and availability of protected information. Exploitation of this vulnerability can be carried out remotely...
A vulnerability in the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality, integrity, and availability of protected information.
A vulnerability in the xmlsec1-openssl-devel-1.2.9 package for the Red Hat Enterprise Linux operating system can lead to violations of the confidentiality, integrity, and availability of protected information. This vulnerability can be exploited remotely...