Lucene search
K

499 matches found

Cvelist
Cvelist
added 2023/01/18 12:0 a.m.27 views

CVE-2022-47966

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain...

10AI score0.99753EPSS
Exploits15References10
CVE
CVE
added 2023/01/18 12:0 a.m.1310 views

CVE-2022-47966

CVE-2022-47966 (ManageEngine products) is a pre-auth remote code execution vulnerability rooted in the Apache Santuario (XML Security for Java) 1.4.1 library. The XML signature processing in this version can bypass protections, enabling RCE when a SAML SSO flow is engaged by affected ManageEngine...

9.8CVSS9.8AI score0.99753EPSS
In wildExploits15References11Affected Software1
CVE
CVE
added 2023/01/17 11:35 p.m.75 views

CVE-2023-21862

CVE-2023-21862 affects Oracle Web Services Manager (OWSM) within Oracle Fusion Middleware, specifically the XML Security component in version 12.2.1.4.0. The issue stems from insufficient input validation, enabling an unauthenticated attacker with network access via HTTP to compromise OWSM, poten...

8.1CVSS7.8AI score0.00573EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.6 views

PT-2023-1241 · Oracle · Oracle Web Services Manager

Name of the Vulnerable Software and Affected Versions: Oracle Web Services Manager version 12.2.1.4.0 Description: The issue is related to insufficient input validation in the XML Security component of Oracle Web Services Manager, part of Oracle Fusion Middleware. This easily exploitable flaw...

9.4CVSS8.5AI score0.00573EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/01/13 12:0 a.m.3 views

PT-2023-1059

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions prior to 14004 Zoho ManageEngine Access Manager Plus versions prior to 4308 Zoho ManageEngine Active Directory 360 versions prior to 4310 Zoho ManageEngine ADAudit Plus versions prior to 7081 Zoho...

9.8CVSS10AI score0.99753EPSS
Exploits15References174
Fedora
Fedora
added 2022/11/13 1:14 a.m.40 views

[SECURITY] Fedora 37 Update: xmlsec1-1.2.34-4.fc37

XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption"...

7.8CVSS1.7AI score0.22791EPSS
Exploits2
BDU FSTEC
BDU FSTEC
added 2022/11/07 12:0 a.m.8 views

The platform’s vulnerability related to ensuring security standards for XML Apache Santuario XML Security for Java allows attackers to trigger a service failure.

The vulnerability of the jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java component of the Apache Santuario XML Security for Java platform is related to resource management errors. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

7.5CVSS7.2AI score0.08863EPSS
Exploits0References5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/03 4:44 p.m.41 views

Security Bulletin: IBM Security Verify Governance is vulnerable to bypassing of security restrictions due to use of Apache Santuario XML Security (CVE-2019-12400, CVE-2021-40690)

Summary IBM Security Verify Governance uses Apache Santuario XML Security for Java which could allow a remote attacker to bypass security restrictions caused by a couple of vulnerabilities. This could allow the attacker to launch further attacks on the system CVE-2019-12400, CVE-2021-40690. The f...

7.5CVSS6.7AI score0.10448EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2022/10/27 12:0 a.m.31 views

Fedora: Security Advisory for xmlsec1 (FEDORA-2022-aeafd24818)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS8.1AI score0.22791EPSS
Exploits2References2
Fedora
Fedora
added 2022/10/25 1:13 p.m.50 views

[SECURITY] Fedora 36 Update: xmlsec1-1.2.33-3.fc36

XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption"...

7.8CVSS1.7AI score0.22791EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/14 10:24 p.m.68 views

Security Bulletin: Multiple vulnerabilities in Apache Santuario XML Security for Java affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in Apache Santuario XML Security for Java used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2009-0217 DESCRIPTION: Multiple vendor applications that utilize the W3C XML Signature Syntax and Processing XMLDsig recommendation...

7.5CVSS7.4AI score0.10448EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/14 9:43 p.m.46 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable due to Apache Santuario XML Security for Java (CVE-2013-4517, CVE-2013-2172)

Summary IBM Sterilng B2B Integrator has addressed security vulnrabilities in Apache Santuario XML Security for Java. Vulnerability Details CVEID:CVE-2013-4517 DESCRIPTION: Apache Santuario XML Security for Java is vulnerable to a denial of service, caused by an out of memory error when allowing...

4.3CVSS5.8AI score0.08863EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/10/14 12:0 a.m.31 views

Ubuntu 16.04 ESM : XML Security Library vulnerability (USN-5674-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5674-1 advisory. It was discovered that XML Security Library incorrectly handled certain input documents. An attacker could possibly use this issue to obtain sensitive information...

7.1CVSS7AI score0.01341EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/10/14 12:0 a.m.16 views

Ubuntu: Security Advisory (USN-5674-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS7.1AI score0.01341EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2022/10/13 2:6 p.m.43 views

USN-5674-1: XML Security Library vulnerability

It was discovered that XML Security Library incorrectly handled certain input documents. An attacker could possibly use this issue to obtain sensitive information or cause a denial of service...

7.1CVSS7AI score0.01341EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 4:39 a.m.42 views

Security Bulletin: A vulnerability in Apache XML Security for Java affects IBM Tivoli Business Service Manager (CVE-2013-4517, CVE-2013-2172, CVE-2009-0217, CVE-2021-40690)

Summary Apache XML Security for Java is shipped with IBM Tivoli Business Manager 6.2.0 as part of its XML security infrastructure. Information about security vulnerabilities affecting Apache XML Security for Javahas been published in a security bulletin. Vulnerability Details CVEID:CVE-2013-4517...

7.5CVSS7.3AI score0.10448EPSS
Exploits1Affected Software1
OSV
OSV
added 2022/08/05 4:15 p.m.4 views

CVE-2022-1704

Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup...

9.8CVSS7.3AI score0.00817EPSS
Exploits0References1
Prion
Prion
added 2022/08/05 4:15 p.m.22 views

Xxe

Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup...

7.5CVSS9.3AI score0.00817EPSS
Exploits0References1Affected Software1
Ubuntu
Ubuntu
added 2022/07/20 10:47 a.m.70 views

USN-5525-1: Apache XML Security for Java vulnerability

It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an attacker to abuse an XPath Transform to extract sensitive information...

7.5CVSS6.7AI score0.10448EPSS
Exploits0
OSV
OSV
added 2022/07/20 10:47 a.m.4 views

USN-5525-1 libxml-security-java vulnerability

It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an attacker to abuse an XPath Transform to extract sensitive information...

7.5CVSS6.8AI score0.10448EPSS
Exploits0References2
Rows per page
Query Builder