Lucene search
K

27 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-2121

Malware in sbrugna...

7.5CVSS6.1AI score0.08402EPSS
Exploits0References10
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/18 3:4 p.m.35 views

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana in build 1.285.0 Vulnerability Details CVEID:CVE-2021-40690 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the improper passing of the...

8.2CVSS8.9AI score0.10448EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/10 8:56 p.m.41 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Apache Santuario XML Security for Java (CVE-2021-40690)

Summary IBM Sterling B2B Integrator uses Apache Santuario XML Security for Java. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-40690 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass securi...

7.5CVSS7.3AI score0.10448EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/02/07 12:0 a.m.69 views

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.15 (RHSA-2024:0712)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0712 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

8.8CVSS7.1AI score0.01884EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2023/04/20 12:0 a.m.38 views

Oracle Application Testing Suite (Apr 2023 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apac...

7.5CVSS6.8AI score0.10448EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/13 4:26 p.m.36 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Apache Santuario XML Security for Java (CVE-2021-40690, CVE-2014-8152)

Summary BM Sterling B2B Integrator has addressed the secuirty vulnerabilities in Apache Santurio XML Security. Vulnerability Details CVEID:CVE-2021-40690 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the improper passi...

7.5CVSS7.5AI score0.10448EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.13 views

Debian: Security Advisory (DLA-85-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS7.6AI score0.0593EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/03 4:44 p.m.41 views

Security Bulletin: IBM Security Verify Governance is vulnerable to bypassing of security restrictions due to use of Apache Santuario XML Security (CVE-2019-12400, CVE-2021-40690)

Summary IBM Security Verify Governance uses Apache Santuario XML Security for Java which could allow a remote attacker to bypass security restrictions caused by a couple of vulnerabilities. This could allow the attacker to launch further attacks on the system CVE-2019-12400, CVE-2021-40690. The f...

7.5CVSS6.7AI score0.10448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/14 10:24 p.m.68 views

Security Bulletin: Multiple vulnerabilities in Apache Santuario XML Security for Java affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in Apache Santuario XML Security for Java used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2009-0217 DESCRIPTION: Multiple vendor applications that utilize the W3C XML Signature Syntax and Processing XMLDsig recommendation...

7.5CVSS7.4AI score0.10448EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/31 5:53 a.m.34 views

Security Bulletin: IBM Tivoli Netcool Impact vulnerable to security bypass due to Apache Santuario XML Security (CVE-2021-40690)

Summary Apache Santuario XML Security is shipoped as a component of IBM Tivoli Netcool Impact. Information about security vulnerabilitiy affecting Apache Santuario XML Security has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-40690 DESCRIPTION: Apache Santuario XML...

7.5CVSS0.2AI score0.10448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/25 4:33 p.m.80 views

Security Bulletin: Vulnerability in Apache Santuario XML Security for Java may affect Cúram Social Program Management (CVE-2021-40690)

Summary IBM Cúram Social Program Management uses the Apache Santuario XML Security for Java libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the...

7.5CVSS0.2AI score0.10448EPSS
Exploits0Affected Software1
Prion
Prion
added 2019/08/23 9:15 p.m.26 views

Code injection

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

1.9CVSS7.2AI score0.00776EPSS
Exploits0References14Affected Software3
UbuntuCve
UbuntuCve
added 2015/01/21 6:59 p.m.35 views

CVE-2014-8152

Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document...

5CVSS5.9AI score0.05639EPSS
Exploits0References3
OSV
OSV
added 2014/11/09 12:0 a.m.12 views

DLA-85-1 libxml-security-java - security update

Bulletin has no description...

4.3CVSS6.1AI score0.0593EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2014/11/07 12:0 a.m.36 views

Debian DSA-3065-1 : libxml-security-java - security update

James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

4.3CVSS7.7AI score0.0593EPSS
Exploits1References4
OSV
OSV
added 2014/11/06 12:0 a.m.34 views

DSA-3065-1 libxml-security-java - security update

Bulletin has no description...

4.3CVSS5.9AI score0.0593EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2014/01/31 12:0 a.m.81 views

JBoss Enterprise Application Platform 6.1.1 Update (RHSA-2013:1209)

The version of JBoss Enterprise Application Platform installed on the remote system is affected by the following issues : - Flaws in the modinfo, modstatus, modimagemap, modldap, and modproxyftp modules can allow an attacker to perform cross-site scripting XSS attacks. CVE-2012-3499 - Flaws in th...

5.4CVSS8.1AI score0.29484EPSS
Exploits7References14
OSV
OSV
added 2014/01/11 1:55 a.m.7 views

CVE-2013-4517

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service memory consumption via crafted Document Type Definitions DTDs, related to signatures...

4.3CVSS6.3AI score0.08863EPSS
Exploits0References22
RedHat Linux
RedHat Linux
added 2013/09/30 5:48 p.m.34 views

Moderate: Red Hat Security Advisory: Red Hat JBoss BRMS 5.3.1 update

Red Hat JBoss BRMS 5.3.1 roll up patch 3, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...

4.3CVSS7AI score0.0593EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2013/08/20 10:55 p.m.30 views

CVE-2013-2155

Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the 1...

5.8CVSS5.9AI score0.05805EPSS
Exploits0References1
Rows per page
Query Builder