EUVD-2011-2501

Malware in sbrugna...

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache XML Security for Java.

Summary Multiple vulnerabilities in Apache XML Security for Java that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-20945 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a local authenticated attacker...

Linux Distros Unpatched Vulnerability : CVE-2024-34580

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing XMLDsig specification without protection against an SSRF payload in...

CVE-2024-34580

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing XMLDsig specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to...

CVE-2024-34580

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing XMLDsig specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to...

CVE-2024-34580

Removed by vendor...

PT-2024-25994 · Apache · Apache Xml Security For C++

Name of the Vulnerable Software and Affected Versions: Apache XML Security for C++ versions 2.0.4 and earlier Description: The issue is related to the implementation of the XML Signature Syntax and Processing XMLDsig specification, which lacks protection against an SSRF payload in a KeyInfo...

CVE-2024-34580

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing XMLDsig specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to...

Security Bulletin: A vulnerability in Apache XML Security for Java affects IBM Tivoli Business Service Manager (CVE-2013-4517, CVE-2013-2172, CVE-2009-0217, CVE-2021-40690)

Summary Apache XML Security for Java is shipped with IBM Tivoli Business Manager 6.2.0 as part of its XML security infrastructure. Information about security vulnerabilities affecting Apache XML Security for Javahas been published in a security bulletin. Vulnerability Details CVEID:CVE-2013-4517...

USN-5525-1: Apache XML Security for Java vulnerability

It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an attacker to abuse an XPath Transform to extract sensitive information...

Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in multiple products. The Apache XML Security Java is affected by the vulnerability published in US-Cert VU 466161. See: http://www.kb.cert.org/vuls/id/466161 for more information. This bug can allow ...

Mageia: Security Advisory (MGASA-2014-0002)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 1458-1] xml-security-c security update

Package : xml-security-c Version : 1.7.2-3+deb8u1 CVE ID : not yet available Debian Bug : 905332 It was discovered that the Apache XML Security for C++ library performed insufficient validation of KeyInfo hints, which could result in denial of service via NULL pointer dereferences when processing...

[SECURITY] [DSA 4265-1] xml-security-c security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4265-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 05, 2018 https://www.debian.org/security/faq -...

MGASA-2014-0002 Updated xml-security package fixes security vulnerability

James Forshaw discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters. An attacker could use this flaw to spoof XML signatures CVE-2013-2172...

[USN-2028-1] Apache XML Security for Java vulnerability

========================================================================== Ubuntu Security Notice USN-2028-1 November 12, 2013 libxml-security-java vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

USN-2028-1: Apache XML Security for Java vulnerability

James Forshaw discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters. An attacker could use this flaw to spoof XML signatures...

Apache XML Security签名伪造漏洞

CVE ID:CVE-2013-2172 Apache XML Security是一个XML安全标准下的数字签名实现 XML签名包含一个"CanonicalizationMethod"参数用于指定应用于签名的SignedInfo部分所需的规范化算法canonicalization algorithm。而实际是XML签名的Apache Santuario XML Security for Java实现允许把任意算法指定给此参数，可被利用对XML签名进行伪造攻击 0 Apache XML Security Java 1.5.x Apache XML Security Java 1.4.x...

FreeBSD : apache-xml-security-c -- heap overflow during XPointer evaluation (81da673e-dfe1-11e2-9389-08002798f6ff)

The Apache Software Foundation reports : The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code. %NASLMINLEVEL 70300 ...

FreeBSD : apache-xml-security-c -- heap overflow (279e5f4b-d823-11e2-928e-08002798f6ff)

The Apache Software Foundation reports : A heap overflow exists in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitary code execution. If verification of the signature occurs prior to actual evaluation of a signi...