
248 matches found

GitHub Security Blog
added 2026/01/21 1:5 a.m. | 8 views

Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash

Impact: A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace...

CVSS 5.3 | AI score 5.7 | EPSS 0.00192
Exploits 0 | References 6 | Affected Software 2
ATTACKERKB
added 2026/01/19 9:1 p.m. | 2 views

CVE-2026-23886

Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol OTLP backend for Swift Log, Swift Metrics, and Swift Distributed Tracing. Prior to Swift W3C TraceContext version 1.0.0-beta.5 and Swift OTel version 1.0.4, a...

CVSS 5.3 | AI score 5.7 | EPSS 0.00192
Exploits 0 | References 5 | Affected Software 1
CVE
added 2026/01/19 9:1 p.m. | 6 views

CVE-2026-23886

The CVE-2026-23886 affects the Swift W3C TraceContext component and the Swift OTel OTLP backend when used together; versions prior to 1.0.0-beta.5 (TraceContext) and 1.0.4 (OTel) are vulnerable to a denial-of-service via malformed HTTP headers that fail input validation and can crash the process ...

CVSS 5.3 | AI score 5.7 | EPSS 0.00192
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2002-1042

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.01645
Exploits 0 | References 6
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2008-5975

Malware in sbrugna...

CVSS 10 | AI score 6.1 | EPSS 0.03616
Exploits 1 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2011-1110

Malware in sbrugna...

CVSS 5 | AI score 6.1 | EPSS 0.01165
Exploits 0 | References 54
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2005-3182

Malware in sbrugna...

CVSS 4.3 | AI score 6.1 | EPSS 0.02514
Exploits 1 | References 19
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2000-0078

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00636
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-3413

Malware in sbrugna...

CVSS 4.3 | AI score 7.3 | EPSS 0.00922
Exploits 1 | References 27
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2021-34132

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 4.9 | EPSS 0.00274
Exploits 0 | References 4
OSV
added 2024/11/18 8:1 p.m. | 13 views

GHSA-JW4X-V69F-HH5W XmlScanner bypass leads to XXE

Summary: The XmlScanner class has a scan method which should prevent XXE attacks. However, the regexes used in the scan method and the findCharSet method can be bypassed by using UCS-4 and encoding guessing as described in . Details: The scan method converts the input in the UTF-8 encoding if it is...

CVSS 7.5 | AI score 7.5 | EPSS 0.00173
Exploits 1 | References 6
OSV
added 2024/09/15 4:27 p.m. | 10 views

RHSA-2007:0208 Red Hat Security Advisory: w3c-libwww security and bug fix update

Bulletin has no description...

CVSS 4.3 | AI score 6.1 | EPSS 0.02514
Exploits 1 | References 9
NVD
added 2024/06/26 5:15 a.m. | 38 views

CVE-2024-34581

The W3C XML Signature Syntax and Processing XMLDsig specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...

CVSS 7.3 | EPSS 0.00097
Exploits 5 | References 5
Cvelist
added 2024/06/26 12:0 a.m. | 42 views

CVE-2024-34581

The W3C XML Signature Syntax and Processing XMLDsig specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...

EPSS 0.00097
Exploits 5 | References 5
CVE
added 2024/06/26 12:0 a.m. | 63 views

CVE-2024-34581

CVE-2024-34581 concerns the XML Signature Syntax and Processing (XMLDsig) RetrievalMethod usage, where SSRF risks may arise in implementations that process KeyInfo/RetrievalMethod data. The initial description notes that mitigations were added in XMLDsig 1.1 and 2.0 via a Best Practices document....

CVSS 7.3 | AI score 6.5 | EPSS 0.00097
Exploits 5 | References 5
Vulnrichment
added 2024/06/26 12:0 a.m. | 38 views

CVE-2024-34581

The W3C XML Signature Syntax and Processing XMLDsig specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...

AI score 6.5 | EPSS 0.00097
Exploits 5 | References 5
OpenVAS
added 2024/03/08 12:0 a.m. | 14 views

Fedora: Security Advisory for xalan-j2 (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 9.2 | EPSS 0.46427
Exploits 3 | References 2
NVD
added 2024/01/11 6:15 a.m. | 10 views

CVE-2024-21669

Hyperledger Aries Cloud Agent Python ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation...

CVSS 9.9 | AI score 9.4 | EPSS 0.00136
Exploits 1 | References 5
CVE
added 2024/01/11 5:40 a.m. | 61 views

CVE-2024-21669

Hyperledger Aries Cloud Agent Python (ACA-Py) contains CVE-2024-21669: when verifying W3C JSON-LD Verifiable Credentials with Linked Data Proofs (LDP-VCs), the result of validating document.proof is not factored into the final presentation verification. This allows holders to present incorrectly ...

CVSS 9.9 | AI score 8.6 | EPSS 0.00136
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2024/01/11 5:40 a.m. | 11 views

CVE-2024-21669 Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC

Hyperledger Aries Cloud Agent Python ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation...

CVSS 9.9 | AI score 9.6 | EPSS 0.00136
Exploits 1 | References 5