Lucene search
+L

29 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-2121

Malware in sbrugna...

7.5CVSS6.1AI score0.08402EPSS
Exploits0References10
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/18 3:4 p.m.36 views

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana in build 1.285.0 Vulnerability Details CVEID:CVE-2021-40690 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the improper passing of the...

8.8CVSS8.9AI score0.1121EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/10 8:56 p.m.42 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Apache Santuario XML Security for Java (CVE-2021-40690)

Summary IBM Sterling B2B Integrator uses Apache Santuario XML Security for Java. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-40690 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass securi...

7.5CVSS7.3AI score0.1121EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/02/07 8:37 a.m.4 views

santuario: Private Key disclosure in debug-log output

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

6.5CVSS7AI score0.01212EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/02/07 12:0 a.m.69 views

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.15 (RHSA-2024:0712)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0712 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

8.8CVSS7.1AI score0.01884EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2023/04/20 12:0 a.m.39 views

Oracle Application Testing Suite (Apr 2023 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apac...

7.5CVSS6.8AI score0.1121EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/13 4:26 p.m.36 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Apache Santuario XML Security for Java (CVE-2021-40690, CVE-2014-8152)

Summary BM Sterling B2B Integrator has addressed the secuirty vulnerabilities in Apache Santurio XML Security. Vulnerability Details CVEID:CVE-2021-40690 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the improper passi...

7.5CVSS7.5AI score0.1121EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.13 views

Debian: Security Advisory (DLA-85-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS7.6AI score0.0593EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/03 4:44 p.m.41 views

Security Bulletin: IBM Security Verify Governance is vulnerable to bypassing of security restrictions due to use of Apache Santuario XML Security (CVE-2019-12400, CVE-2021-40690)

Summary IBM Security Verify Governance uses Apache Santuario XML Security for Java which could allow a remote attacker to bypass security restrictions caused by a couple of vulnerabilities. This could allow the attacker to launch further attacks on the system CVE-2019-12400, CVE-2021-40690. The f...

7.5CVSS6.7AI score0.1121EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/14 10:24 p.m.69 views

Security Bulletin: Multiple vulnerabilities in Apache Santuario XML Security for Java affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in Apache Santuario XML Security for Java used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2009-0217 DESCRIPTION: Multiple vendor applications that utilize the W3C XML Signature Syntax and Processing XMLDsig recommendation...

7.5CVSS7.4AI score0.1121EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/31 5:53 a.m.35 views

Security Bulletin: IBM Tivoli Netcool Impact vulnerable to security bypass due to Apache Santuario XML Security (CVE-2021-40690)

Summary Apache Santuario XML Security is shipoped as a component of IBM Tivoli Netcool Impact. Information about security vulnerabilitiy affecting Apache Santuario XML Security has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-40690 DESCRIPTION: Apache Santuario XML...

7.5CVSS0.2AI score0.1121EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/25 4:33 p.m.81 views

Security Bulletin: Vulnerability in Apache Santuario XML Security for Java may affect Cúram Social Program Management (CVE-2021-40690)

Summary IBM Cúram Social Program Management uses the Apache Santuario XML Security for Java libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the...

7.5CVSS0.2AI score0.1121EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/01/22 12:0 a.m.6 views

The vulnerability of the DocumentBuilders DOM analyzer on the Apache Santuario XML Security for Java platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the DocumentBuilders DOM analyzer on the Apache Santuario XML Security for Java platform is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

5.5CVSS6.6AI score0.00776EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2019/08/23 9:15 p.m.27 views

Code injection

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

1.9CVSS7.2AI score0.00776EPSS
Exploits0References14Affected Software3
Broadcom
Broadcom
added 2017/11/17 12:0 a.m.8 views

BSA-2017-471

Security Advisory ID : BSA-2017-471 Component : Apache Santuario Revision : 2.0: Final Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service memory consumption via crafted Document Type Definitions DTDs, related to...

4.3CVSS6.9AI score0.08863EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2015/01/21 6:59 p.m.35 views

CVE-2014-8152

Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document...

5CVSS5.9AI score0.05639EPSS
Exploits0References3
OSV
OSV
added 2014/11/09 12:0 a.m.12 views

DLA-85-1 libxml-security-java - security update

Bulletin has no description...

4.3CVSS6.1AI score0.0593EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2014/11/07 12:0 a.m.37 views

Debian DSA-3065-1 : libxml-security-java - security update

James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

4.3CVSS7.7AI score0.0593EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2014/01/31 12:0 a.m.81 views

JBoss Enterprise Application Platform 6.1.1 Update (RHSA-2013:1209)

The version of JBoss Enterprise Application Platform installed on the remote system is affected by the following issues : - Flaws in the modinfo, modstatus, modimagemap, modldap, and modproxyftp modules can allow an attacker to perform cross-site scripting XSS attacks. CVE-2012-3499 - Flaws in th...

5.4CVSS8.1AI score0.29484EPSS
Exploits7References14
OSV
OSV
added 2014/01/11 1:55 a.m.8 views

CVE-2013-4517

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service memory consumption via crafted Document Type Definitions DTDs, related to signatures...

4.3CVSS6.3AI score0.08863EPSS
Exploits0References22
Rows per page
Query Builder