
59 matches found

OSV
added 2024/06/26 5:15 a.m. | 0 views

UBUNTU-CVE-2024-34580

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing XMLDsig specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to...

5.3 CVSS | 7.3 AI score | 0.99999 EPSS | Exploits 5 | References 6

OpenVAS
added 2022/01/28 12:0 a.m. | 6 views

Mageia: Security Advisory (MGASA-2018-0381)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score | Exploits 0 | References 4

OpenVAS
added 2019/05/07 12:0 a.m. | 65 views

Fedora Update for xml-security-c FEDORA-2018-a0d02065d0

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score | Exploits 0 | References 2

Tenable Nessus
added 2019/01/03 12:0 a.m. | 13 views

Fedora 29 : libdigidocpp / xml-security-c (2018-a0d02065d0)

Security fix for a NULL pointer dereference in xml-security-c. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

5.5 AI score | Exploits 0 | References 1

Fedora
added 2018/11/27 3:31 a.m. | 16 views

[SECURITY] Fedora 29 Update: xml-security-c-2.0.2-1.fc29

The xml-security-c library is a C++ implementation of the XML Digital Signature specification. The library makes use of the Apache XML project's Xerces-C XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms...

2.9 AI score | Exploits 0

Tenable Nessus
added 2018/11/26 12:0 a.m. | 18 views

Debian DLA-1594-1 : xml-security-c security update

A vulnerability in xml-security-c, a library for the XML Digital Security specification, has been found. Different KeyInfo combinations, like signatures without public key, result in incomplete DSA structures that crash openssl during verification. This vulnerability does not have a CVE identifie...

5.4 AI score | Exploits 0 | References 2

OpenVAS
added 2018/11/25 12:0 a.m. | 22 views

Debian: Security Advisory (DLA-1594-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score | Exploits 0 | References 3

Debian
added 2018/11/24 10:31 p.m. | 228 views

[SECURITY] [DLA 1594-1] xml-security-c security update

Package : xml-security-c Version : 1.7.2-3+deb8u2 A vulnerability in xml-security-c, a library for the XML Digital Security specification, has been found. Different KeyInfo combinations, like signatures without public key, result in incomplete DSA structures that crash openssl during verification...

6.9 AI score | Exploits 0

OSV
added 2018/11/24 12:0 a.m. | 13 views

DLA-1594-1 xml-security-c - security update

Bulletin has no description...

7.2 AI score | Exploits 0

RedHat Linux
added 2018/11/13 8:36 a.m. | 2 views

curl: Double-free in krb5 code

The function readdata in security.c in curl before version 7.51.0 is vulnerable to memory double free...

9.8 CVSS | 7.3 AI score | 0.04989 EPSS | Exploits 0 | References 5

Tenable Nessus
added 2018/08/08 12:0 a.m. | 11 views

FreeBSD : xml-security-c -- crashes on malformed KeyInfo content (5786185a-9a43-11e8-b34b-6cc21735f730)

The shibboleth project reports : SAML messages, assertions, and metadata all commonly make use of the XML Signature KeyInfo construct, which expresses information about keys and certificates used in signing or encrypting XML. The Apache Santuario XML Security for C++ library contained code paths ...

5.5 AI score | Exploits 0 | References 2

Tenable Nessus
added 2018/08/07 12:0 a.m. | 15 views

Debian DLA-1458-1 : xml-security-c security update

It was discovered that the Apache XML Security for C++ library performed insufficient validation of KeyInfo hints, which could result in denial of service via NULL pointer dereferences when processing malformed XML data. For Debian 8 'Jessie', this problem has been fixed in version 1.7.2-3+deb8u1...

5.3 AI score | Exploits 0 | References 2

Tenable Nessus
added 2018/08/06 12:0 a.m. | 11 views

Debian DSA-4265-1 : xml-security-c - security update

It was discovered that the Apache XML Security for C++ library performed insufficient validation of KeyInfo hints, which could result in denial of service via NULL pointer dereferences when processing malformed XML data. C Tenable Network Security, Inc. The descriptive text and package checks in...

5.4 AI score | Exploits 0 | References 3

OSV
added 2018/08/05 12:0 a.m. | 9 views

DSA-4265-1 xml-security-c - security update

Bulletin has no description...

7.2 AI score | Exploits 0

OpenVAS
added 2018/08/04 12:0 a.m. | 32 views

Debian: Security Advisory (DSA-4265-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score | Exploits 0 | References 4

OSV
added 2018/08/01 6:29 a.m. | 1 views

DEBIAN-CVE-2016-8619

The function readdata in security.c in curl before version 7.51.0 is vulnerable to memory double free...

9.8 CVSS | 9.4 AI score | 0.04989 EPSS | Exploits 0 | References 1

Amazon
added 2018/05/10 12:0 a.m. | 30 views

Medium: golang

Issue Overview: Arbitrary code execution during go get or go get -d Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points t...

9.8 CVSS | 7.9 AI score | 0.08944 EPSS | Exploits 4

BDU FSTEC
added 2016/07/07 12:0 a.m. | 4 views

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the xml-security-c package of the Debian GNU/Linux operating system can be exploited, leading to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

7.5 CVSS | 5.4 AI score | 0.06018 EPSS | Exploits 1 | References 3 | Affected Software 1

BDU FSTEC
added 2015/04/28 12:0 a.m. | 3 views

Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the integrity of protected information

The multiple vulnerabilities in the libxml-security-c-dev package of the Debian GNU/Linux operating system may lead to a breach of the integrity of protected information. These vulnerabilities can be exploited remotely...

5 CVSS | 7.2 AI score | 0.06348 EPSS | Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2015/04/28 12:0 a.m. | 4 views

Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the integrity of protected information

The multiple vulnerabilities in the libxml-security-c package of the Debian GNU/Linux operating system can be exploited, leading to a breach of the integrity of protected information. These vulnerabilities can be exploited remotely...

7.3 CVSS | 7.2 AI score | 0.06348 EPSS | Exploits 0 | References 4 | Affected Software 3