4 matches found
SUSE CVE-2021-23418
The package glances before 3.2.1 are vulnerable to XML External Entity XXE Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...
Cisco Email Security Appliance Denial of Service Vulnerability
The Cisco Email Security Appliance ESA is an email security appliance from Cisco USA. A denial of service vulnerability exists in the email message scanning feature in Cisco ESA and Cisco Cloud Email Security versions prior to 12.5.1-037 and prior to 13.0.0-375, which stems from a faulty parsing...
Fedora 20 : perl-Module-Signature-0.78-1.fc20 / perl-Test-Signature-1.11-1.fc20 (2015-5840)
This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a 'skip' parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behavior ...
Updated perl-Module-Signature packages fix security vulnerabilities
Updated perl-Module-Signature package fixes the following security vulnerabilities reported by John Lightsey: Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying t...