499 matches found
CVE-2022-47966
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain...
CVE-2022-47966
CVE-2022-47966 (ManageEngine products) is a pre-auth remote code execution vulnerability rooted in the Apache Santuario (XML Security for Java) 1.4.1 library. The XML signature processing in this version can bypass protections, enabling RCE when a SAML SSO flow is engaged by affected ManageEngine...
CVE-2023-21862
CVE-2023-21862 affects Oracle Web Services Manager (OWSM) within Oracle Fusion Middleware, specifically the XML Security component in version 12.2.1.4.0. The issue stems from insufficient input validation, enabling an unauthenticated attacker with network access via HTTP to compromise OWSM, poten...
PT-2023-1241 · Oracle · Oracle Web Services Manager
Name of the Vulnerable Software and Affected Versions: Oracle Web Services Manager version 12.2.1.4.0 Description: The issue is related to insufficient input validation in the XML Security component of Oracle Web Services Manager, part of Oracle Fusion Middleware. This easily exploitable flaw...
PT-2023-1059
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions prior to 14004 Zoho ManageEngine Access Manager Plus versions prior to 4308 Zoho ManageEngine Active Directory 360 versions prior to 4310 Zoho ManageEngine ADAudit Plus versions prior to 7081 Zoho...
[SECURITY] Fedora 37 Update: xmlsec1-1.2.34-4.fc37
XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption"...
The platform’s vulnerability related to ensuring security standards for XML Apache Santuario XML Security for Java allows attackers to trigger a service failure.
The vulnerability of the jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java component of the Apache Santuario XML Security for Java platform is related to resource management errors. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
Security Bulletin: IBM Security Verify Governance is vulnerable to bypassing of security restrictions due to use of Apache Santuario XML Security (CVE-2019-12400, CVE-2021-40690)
Summary IBM Security Verify Governance uses Apache Santuario XML Security for Java which could allow a remote attacker to bypass security restrictions caused by a couple of vulnerabilities. This could allow the attacker to launch further attacks on the system CVE-2019-12400, CVE-2021-40690. The f...
Fedora: Security Advisory for xmlsec1 (FEDORA-2022-aeafd24818)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: xmlsec1-1.2.33-3.fc36
XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption"...
Security Bulletin: Multiple vulnerabilities in Apache Santuario XML Security for Java affect IBM InfoSphere Information Server
Summary Multiple vulnerabilities in Apache Santuario XML Security for Java used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2009-0217 DESCRIPTION: Multiple vendor applications that utilize the W3C XML Signature Syntax and Processing XMLDsig recommendation...
Security Bulletin: IBM Sterling B2B Integrator vulnerable due to Apache Santuario XML Security for Java (CVE-2013-4517, CVE-2013-2172)
Summary IBM Sterilng B2B Integrator has addressed security vulnrabilities in Apache Santuario XML Security for Java. Vulnerability Details CVEID:CVE-2013-4517 DESCRIPTION: Apache Santuario XML Security for Java is vulnerable to a denial of service, caused by an out of memory error when allowing...
Ubuntu 16.04 ESM : XML Security Library vulnerability (USN-5674-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5674-1 advisory. It was discovered that XML Security Library incorrectly handled certain input documents. An attacker could possibly use this issue to obtain sensitive information...
Ubuntu: Security Advisory (USN-5674-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5674-1: XML Security Library vulnerability
It was discovered that XML Security Library incorrectly handled certain input documents. An attacker could possibly use this issue to obtain sensitive information or cause a denial of service...
Security Bulletin: A vulnerability in Apache XML Security for Java affects IBM Tivoli Business Service Manager (CVE-2013-4517, CVE-2013-2172, CVE-2009-0217, CVE-2021-40690)
Summary Apache XML Security for Java is shipped with IBM Tivoli Business Manager 6.2.0 as part of its XML security infrastructure. Information about security vulnerabilities affecting Apache XML Security for Javahas been published in a security bulletin. Vulnerability Details CVEID:CVE-2013-4517...
CVE-2022-1704
Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup...
Xxe
Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup...
USN-5525-1: Apache XML Security for Java vulnerability
It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an attacker to abuse an XPath Transform to extract sensitive information...
USN-5525-1 libxml-security-java vulnerability
It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an attacker to abuse an XPath Transform to extract sensitive information...