64 matches found
CVE-2026-32600 xml-security is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption
xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag,...
EUVD-2011-1430
Malware in sbrugna...
xmlsec1 bug fix update
An update is available for xmlsec1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. XML Security Library is a C library based on LibXML2 and OpenSSL. The library...
com.github.wmixvideo:nfe (>=3.1.40 <=4.0.41), com.github.zuinnote:hadoopoffice-flinkts_2.11 (=1.7.0) +239 more potentially affected by CVE-2023-44483 via org.apache.santuario:xmlsec (>=3.0.0 <=3.0.2)
org.apache.santuario:xmlsec MAVEN version =3.0.0, =3.1.40, =2022.5.1, =2022.5.1, =2022.5.1, =2022.5.1, =2022.5.1, =2.1.0, =2.0.0, =2.0.0, =2.0.0, =2.4.0 and more Source cves: CVE-2023-44483 Source advisory: OSV:GHSA-XFRJ-6VVC-3XM2...
OneLogin ruby-saml command injection vulnerability
OneLogin ruby-saml is a Ruby-based SAML (Security Assertion Markup Language) library for Single Sign-On (SSO) services from OneLogin, USA. A security vulnerability exists in OneLogin ruby-saml prior to version 1.0.0, which stems from not using pre-defined statements, causing xmlsecurity.rb i...
SUSE CVE-2011-1425
xslt.c in XML Security Library aka xmlsec before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification...
[SECURITY] Fedora 37 Update: xmlsec1-1.2.34-4.fc37
XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption"...
Fedora: Security Advisory for xmlsec1 (FEDORA-2022-aeafd24818)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: xmlsec1-1.2.33-3.fc36
XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption"...
Ubuntu 16.04 ESM : XML Security Library vulnerability (USN-5674-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5674-1 advisory. It was discovered that XML Security Library incorrectly handled certain input documents. An attacker could possibly use this issue to obtain sensitive information...
Ubuntu: Security Advisory (USN-5674-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5674-1: XML Security Library vulnerability
It was discovered that XML Security Library incorrectly handled certain input documents. An attacker could possibly use this issue to obtain sensitive information or cause a denial of service...
br.net.woodstock.rockframework:rockframework-core (=1.2.4), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=3.0.1) +462 more potentially affected by CVE-2013-5823 via org.apache.santuario:xmlsec (>=1.4.2 <=1.4.6)
org.apache.santuario:xmlsec MAVEN version =1.4.2, =1.2.1, =0.1.14, =12.1.0, =12.1.1, =12.1.2, =12.1.0, =12.1.4, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.0.83-RC1, =1.0.83-RC1, =1.0.112-RELEASE - com.ahome-it:ahome-tooling-server-vaadin-core =1.0.112-RELEASE and more Source cves: CVE-2013-5823...
Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation
The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in multiple products. The Apache XML Security Java is affected by the vulnerability published in US-Cert VU 466161. See: http://www.kb.cert.org/vuls/id/466161 for more information. This bug can allow ...
Fedora: Security Advisory for xmlsec1 (FEDORA-2020-9573355ff4)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CentOS 7 : xmlsec1 (CESA-2017:2492)
An update for xmlsec1 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
xmlsec1 security update
CentOS Errata and Security Advisory CESA-2017:2492 An update for xmlsec1 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
RHEL 7 : xmlsec1 (RHSA-2017:2492)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2492 advisory. XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards XML...
Oracle Linux 7 : xmlsec1 (ELSA-2017-2492)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-2492 advisory. - CVE-2017-1000061 - CVE-2017-1000061 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...