8 matches found
EUVD-2021-2551
Malware in sbrugna...
SUSE CVE-2020-26290
Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enables potential signature bypass due to issues with XML encoding in the underlying Go library...
Fedora: Security Advisory for golang-github-mattermost-xml-roundtrip-validator (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
ruby: XML round-trip vulnerability in REXML
A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in...
[SECURITY] [DSA 5066-1] ruby2.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5066-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 03, 2022 https://www.debian.org/security/faq -...
ALPINE-CVE-2021-28965
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...
CVE-2020-29511
A flaw was found in go. Encoding and decoding of XML elements could lead to changes in the observed integrity. An attacker could use this flaw to trick applications which rely on element integrity for security decisions to make those decisions incorrectly. Known vulnerability use-cases are SAML a...
CVE-2020-29509
A flaw was found in go. Encoding and decoding of XML attributes could lead to changes in the observed integrity. An attacker could use this flaw to trick applications which rely on attribute integrity for security decisions to make those decisions incorrectly. Known vulnerability use-cases are SA...