10 matches found

Snyk
added 2026/03/13 10:41 p.m. | 3 views

Improper Validation of Integrity Check Value

Overview: Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value due to missing validation of the AES-GCM authentication tag on encrypted XML nodes. An attacker can decrypt sensitive data and forge arbitrary ciphertexts by brute-forcing the authentication...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00022
Exploits: 1 | References: 2

GitHub Security Blog
added 2026/03/13 8:44 p.m. | 6 views

simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

Summary: XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows forging arbitrary ciphertexts...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.00022
Exploits: 1 | References: 5 | Affected Software: 1

CNVD
added 2021/08/12 12:00 a.m. | 16 views

Foxit PDF Reader and Foxit PDF Editor Denial of Service Vulnerability (CNVD-2021-66410)

Foxit PDF Reader is a PDF reader from Foxit China. Versions prior to Foxit PDF Reader 11.0.1 and PDF Editor 11.0.1 have a security vulnerability that can be exploited by attackers, stemming from the application allowing the use of stacks during recursive processing of embedded XML nodes...

CVSS: 5 | AI score: 4 | EPSS: 0.00018
Exploits: 0 | Affected Software: 2

OSV
added 2021/08/11 10:15 p.m. | 0 views

CVE-2021-38566

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes...

CVSS: 7.5 | AI score: 7.1
Exploits: 0 | References: 1

NVD
added 2021/08/11 10:15 p.m. | 13 views

CVE-2021-38566

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes...

CVSS: 7.5 | EPSS: 0.00018
Exploits: 0 | References: 1

Prion
added 2021/08/11 10:15 p.m. | 9 views

Code injection

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes...

CVSS: 5 | AI score: 7.5 | EPSS: 0.00018
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2021/08/11 9:15 p.m. | 16 views

CVE-2021-38566

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows stack consumption during recursive processing of embedded XML nodes...

AI score: 7.8 | EPSS: 0.00018
Exploits: 0 | References: 1

CVE
added 2021/08/11 9:15 p.m. | 63 views

CVE-2021-38566

CVE-2021-38566 affects Foxit PDF Reader prior to 11.0.1 and Foxit PDF Editor prior to 11.0.1. The issue is a stack consumption vulnerability during recursive processing of embedded XML nodes. CVSS metrics indicate a Network vector, Low attack complexity, no privileges, and a HIGH impact on availa...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00018
Exploits: 0 | References: 1 | Affected Software: 2

Oracle Linux
added 2019/08/13 12:00 a.m. | 34 views

spice-gtk security and bug fix update

libgovirt 0.3.4-2 - Parse XML nodes automatically Related: rhbz1427467 - Set detailed error message for async call Related: rhbz1427467 spice-gtk 0.35-4 - Fix bad channel-reset on usbredir Resolves: rhbz1625550 0.35-3 - Fix insufficient encoding checks for LZ Resolves: rhbz1598652 spice-vdagent...

CVSS: 8.8 | AI score: 1.1 | EPSS: 0.00384
Exploits: 0

RubySec
added 2019/07/31 12:00 a.m. | 19 views

samlr XML nodes comment attack

Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a nameid node with [email protected] followed by . and then the attacker's domain name...

CVSS: 7.5 | AI score: 2.7 | EPSS: 0.00237
Exploits: 0 | References: 1 | Affected Software: 1