Lucene search
K

7 matches found

OSV
OSV
added 2021/12/20 5:53 p.m.42 views

GHSA-M9HP-7R99-94H5 Critical security issues in XML encoding in github.com/dexidp/dex

Impact The following vulnerabilities have been disclosed, which impact users leveraging the SAML connector: Signature Validation Bypass CVE-2020-15216: https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7 encoding/xml instabilities: - Element namespace prefix...

9.3CVSS8.1AI score0.01718EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2021/01/14 12:0 a.m.29 views

Fedora 33 : golang-github-russellhaering-goxmldsig (2021-a2a7673da2)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-a2a7673da2 advisory. - In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely...

6.5CVSS6.6AI score0.00898EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/01/14 12:0 a.m.21 views

Fedora: Security Advisory for golang-github-russellhaering-goxmldsig (FEDORA-2021-a2a7673da2)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS8.2AI score0.00898EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/01/14 12:0 a.m.23 views

Fedora 32 : golang-github-russellhaering-goxmldsig (2021-9316ee2948)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-9316ee2948 advisory. - In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely...

6.5CVSS6.6AI score0.00898EPSS
Exploits0References2
CVE
CVE
added 2020/09/29 4:0 p.m.89 views

CVE-2020-15216

CVE-2020-15216 affects the Go package goxmldsig (XML Digital Signatures, pure Go). Before 1.1.0, a crafted XML file can cause signature validation to be bypassed, allowing an altered document to appear signed. A patch is available: upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb961...

6.5CVSS6.3AI score0.00898EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2020/09/29 4:0 p.m.35 views

CVE-2020-15216 Signature Validation Bypass in goxmldsig

In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision...

5.3CVSS6.6AI score0.00898EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2020/09/29 4:0 p.m.38 views

CVE-2020-15216

In goxmldsig XML Digital Signatures implemented in pure Go before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision...

6.5CVSS6.4AI score0.00898EPSS
Exploits0
Rows per page
Query Builder