
499 matches found

Fedora
added 2009/08/11 10:33 p.m. | 42 views

[SECURITY] Fedora 11 Update: xmlsec1-1.2.12-1.fc11

XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption"...

CVSS 5 | AI score 1.7 | EPSS 0.06348
Exploits 0

Fedora
added 2009/08/11 10:31 p.m. | 44 views

[SECURITY] Fedora 10 Update: xmlsec1-1.2.12-1.fc10

XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption"...

CVSS 5 | AI score 1.7 | EPSS 0.06348
Exploits 0

Debian
added 2009/08/06 8:38 a.m. | 38 views

[Backports-security-announce] Security Update for xml-security-c

Russ Allbery uploaded new packages for xml-security-c which fixed the following security problems: CVE-2009-0217 CERT VU466161 It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed...

CVSS 5 | AI score 2.3 | EPSS 0.06348
Exploits 0

OSV
added 2009/08/02 12:0 a.m. | 21 views

DSA-1849-1 xml-security-c - signature forgery

Bulletin has no description...

CVSS 5 | AI score 6.3 | EPSS 0.06348
Exploits 0

Tenable Nessus
added 2009/08/01 12:0 a.m. | 228 views

Fedora 10 : xml-security-c-1.5.1-1.fc10 (2009-8121)

Fixes CVE-2009-0217 511915. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 5 | AI score 7.4 | EPSS 0.06348
Exploits 0 | References 3

Fedora
added 2009/07/31 6:4 p.m. | 42 views

[SECURITY] Fedora 11 Update: xml-security-c-1.5.1-1.fc11

The xml-security-c library is a C++ implementation of the XML Digital Signature specification. The library makes use of the Apache XML project's Xerces-C XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms...

CVSS 5 | AI score 2.8 | EPSS 0.06348
Exploits 0

Fedora
added 2009/07/31 5:59 p.m. | 52 views

[SECURITY] Fedora 10 Update: xml-security-c-1.5.1-1.fc10

The xml-security-c library is a C++ implementation of the XML Digital Signature specification. The library makes use of the Apache XML project's Xerces-C XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms...

CVSS 5 | AI score 2.8 | EPSS 0.06348
Exploits 0

Prion
added 2009/07/14 11:30 p.m. | 45 views

Authentication flaw

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...

CVSS 5 | AI score 6.5 | EPSS 0.06348
Exploits 0 | References 86 | Affected Software 5

OSV
added 2009/07/14 11:30 p.m. | 11 views

CVE-2009-0217

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...

CVSS 5 | AI score 6 | EPSS 0.06348
Exploits 0 | References 93

NVD
added 2009/07/14 11:30 p.m. | 24 views

CVE-2009-0217

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...

CVSS 5 | AI score 7 | EPSS 0.06348
Exploits 0 | References 86

Debian CVE
added 2009/07/14 11:0 p.m. | 41 views

CVE-2009-0217

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...

CVSS 5 | AI score 7.7 | EPSS 0.06348
Exploits 0

UbuntuCve
added 2009/07/14 12:0 a.m. | 34 views

CVE-2009-0217

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...

CVSS 5 | AI score 7.1 | EPSS 0.06348
Exploits 0 | References 6

NVD
added 2009/01/15 12:30 a.m. | 19 views

CVE-2009-0120

The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data...

CVSS 7.8 | AI score 6.5 | EPSS 0.0355
Exploits 1 | References 5

CVE
added 2009/01/15 12:0 a.m. | 42 views

CVE-2009-0120

The CVE-2009-0120 entry affects IBM WebSphere DataPower XML Security Gateway XS40 firmware 3.6.1.5. It allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection (demonstrated using the string abc\r\n\r\n). The NVD entry lists a high im...

CVSS 7.8 | AI score 6.8 | EPSS 0.0355
Exploits 1 | References 5 | Affected Software 1

seebug.org
added 2009/01/11 12:0 a.m. | 22 views

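IBM WebSphere DataPower XML Security Gateway XS40 Remote Denial of Service Vulnerability

BUGTRAQ ID: 33169 CNCAN ID: CNCAN-2009010903 IBM WebSphere DataPower XML Security Gateway XS40 is an XML security gateway. Sending a simple random? string to an IBM DataPower XS40 security gateway device over an already established SSL connection can cause the device to reboot, resulting in a denial of service. IBM WebSphere DataPower XML Security Gateway XS40 3.6.1.5 Vendor solution: no solution is currently available:...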

AI score 6.9
Exploits 0

exploitpack
added 2009/01/08 12:0 a.m. | 13 views

IBM Websphere DataPower XML Security Gateway 3.6.1 XS40 - Remote Denial of Service

IBM Websphere DataPower XML Security Gateway 3.6.1 XS40 - Remote Denial of Service source: https://www.securityfocus.com/bid/33169/info IBM WebSphere DataPower XML Security Gateway XS40 is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input. Remote...

AI score 7.5
Exploits 0

Exploit DB
added 2009/01/08 12:0 a.m. | 31 views

IBM Websphere DataPower XML Security Gateway 3.6.1 XS40 - Remote Denial of Service

source: https://www.securityfocus.com/bid/33169/info IBM WebSphere DataPower XML Security Gateway XS40 is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input. Remote attackers can exploit this issue to cause the device to reboot, denying service to...

AI score 7.4
Exploits 0

UbuntuCve
added 2007/10/19 11:17 p.m. | 33 views

CVE-2007-5379

Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords fro...

CVSS 5 | AI score 6.1 | EPSS 0.03969
Exploits 0 | References 3

CVE
added 2007/10/19 11:0 p.m. | 88 views

CVE-2007-5379

CVE-2007-5379 affects Ruby on Rails installations using Rails prior to 1.2.4. The vulnerability stems from Hash.from_xml (Hash#from_xml) using XmlSimple unsafely, enabling remote attackers to determine the existence of arbitrary files and read arbitrary XML files (e.g., passwords from Pidgin .pur...

CVSS 5 | AI score 9.3 | EPSS 0.03969
Exploits 0 | References 13 | Affected Software 1