Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to differences in XML document namespace parsing between REXML and Nokogiri, implemented in xmlsecurity.rb. An attacker can bypass authentication via Signature Wrapping attack. Note:...

Linux Distros Unpatched Vulnerability : CVE-2017-18926

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - raptorxmlwriterstartelementcommon in raptorxmlwriter.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer,...

BIT-LIBPHP-2025-6491 NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 when parsing XML data in SOAP extensions, overly large 2Gb XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server...

GHSA-78H3-PG4X-J8CV libxmljs2 vulnerable to type confusion when parsing specially crafted XML

libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces function which invokes XmlNode::getlocalnamespaces on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code...

[SECURITY] Fedora 40 Update: xerces-j2-2.12.2-10.fc40

Welcome to the future! Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface XNI, a complete framework for building parser components and configurations that is extremely modul...

SUSE CVE-2012-2871

libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document,...

SUSE CVE-2013-5878

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not...

OpenJDK: null xmlns handling issue (Security, 8025026)

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not...