27 matches found
EUVD-2013-2121
Malware in sbrugna...
Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana in build 1.285.0 Vulnerability Details CVEID:CVE-2021-40690 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the improper passing of the...
Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Apache Santuario XML Security for Java (CVE-2021-40690)
Summary IBM Sterling B2B Integrator uses Apache Santuario XML Security for Java. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-40690 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass securi...
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.15 (RHSA-2024:0712)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0712 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
Oracle Application Testing Suite (Apr 2023 CPU)
The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apac...
Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Apache Santuario XML Security for Java (CVE-2021-40690, CVE-2014-8152)
Summary BM Sterling B2B Integrator has addressed the secuirty vulnerabilities in Apache Santurio XML Security. Vulnerability Details CVEID:CVE-2021-40690 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the improper passi...
Debian: Security Advisory (DLA-85-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Security Verify Governance is vulnerable to bypassing of security restrictions due to use of Apache Santuario XML Security (CVE-2019-12400, CVE-2021-40690)
Summary IBM Security Verify Governance uses Apache Santuario XML Security for Java which could allow a remote attacker to bypass security restrictions caused by a couple of vulnerabilities. This could allow the attacker to launch further attacks on the system CVE-2019-12400, CVE-2021-40690. The f...
Security Bulletin: Multiple vulnerabilities in Apache Santuario XML Security for Java affect IBM InfoSphere Information Server
Summary Multiple vulnerabilities in Apache Santuario XML Security for Java used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2009-0217 DESCRIPTION: Multiple vendor applications that utilize the W3C XML Signature Syntax and Processing XMLDsig recommendation...
Security Bulletin: IBM Tivoli Netcool Impact vulnerable to security bypass due to Apache Santuario XML Security (CVE-2021-40690)
Summary Apache Santuario XML Security is shipoped as a component of IBM Tivoli Netcool Impact. Information about security vulnerabilitiy affecting Apache Santuario XML Security has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-40690 DESCRIPTION: Apache Santuario XML...
Security Bulletin: Vulnerability in Apache Santuario XML Security for Java may affect Cúram Social Program Management (CVE-2021-40690)
Summary IBM Cúram Social Program Management uses the Apache Santuario XML Security for Java libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the...
Code injection
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...
CVE-2014-8152
Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document...
DLA-85-1 libxml-security-java - security update
Bulletin has no description...
Debian DSA-3065-1 : libxml-security-java - security update
James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
DSA-3065-1 libxml-security-java - security update
Bulletin has no description...
JBoss Enterprise Application Platform 6.1.1 Update (RHSA-2013:1209)
The version of JBoss Enterprise Application Platform installed on the remote system is affected by the following issues : - Flaws in the modinfo, modstatus, modimagemap, modldap, and modproxyftp modules can allow an attacker to perform cross-site scripting XSS attacks. CVE-2012-3499 - Flaws in th...
CVE-2013-4517
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service memory consumption via crafted Document Type Definitions DTDs, related to signatures...
Moderate: Red Hat Security Advisory: Red Hat JBoss BRMS 5.3.1 update
Red Hat JBoss BRMS 5.3.1 roll up patch 3, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...
CVE-2013-2155
Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the 1...