13 matches found
Exploit for Improper Verification of Cryptographic Signature in Pysaml2_Project Pysaml2
CVE-2021-21239 This is a PoC script to exploit the xmlsec vu...
EUVD-2017-1381
Malware in sbrugna...
au.gov.nehta:clinical-document-packaging-library (=1.2.5), au.gov.nehta:common-library (>=1.1.1 <=1.2.1) +2199 more potentially affected by CVE-2023-44483 via org.apache.santuario:xmlsec (>=1.4.2 <=2.2.4)
org.apache.santuario:xmlsec MAVEN version =1.4.2, =1.1.1, =1.6.1, =1.1.7, =1.1.9, =1.2.5, =1.2.1, =1.3.5, =1.3.7 - cc.drx:poi2.13 =ee and more Source cves: CVE-2023-44483 Source advisory: OSV:GHSA-XFRJ-6VVC-3XM2...
SUSE CVE-2017-1000061
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service...
com.fluxcorp.plugins:webservice-trigger (=1.0.4), com.googlecode.xades4j:xades4j (=1.3.1) +206 more potentially affected by CVE-2013-5823 via org.apache.santuario:xmlsec (>=1.5.1 <=1.5.2)
org.apache.santuario:xmlsec MAVEN version =1.5.1, =1.6.0-p41, =1.0.0, =0.16, =0.16, =2.8.6, =2.10.0, =1.0.1, =1.0.1, =1.0.1, =1.0.2 - org.apache.cxf.fediz.examples:simpleWebapp =1.0.0 and more Source cves: CVE-2013-5823 Source advisory: OSV:GHSA-8GWC-X7MG-7P7P...
br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0), br.com.esec.icpm:certillion-client-library-resteasy-plugin (>=1.1.9 <=1.1.10) +294 more potentially affected by CVE-2013-2172 via org.apache.santuario:xmlsec (>=1.5.1 <=1.5.4)
org.apache.santuario:xmlsec MAVEN version =1.5.1, =1.1.7, =1.1.9, =1.2.5, =1.2.6 - com.fluxcorp.plugins:webservice-trigger =1.0.4 - com.googlecode.xades4j:xades4j =1.3.1 - com.sitewhere:sitewhere-core =0.9.7 - com.sitewhere:sitewhere-gnuhealth =0.9.7 - com.sitewhere:sitewhere-hbase =0.9.7 -...
br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0), br.com.esec.icpm:certillion-client-library-resteasy-plugin (>=1.1.9 <=1.1.10) +701 more potentially affected by CVE-2013-4517 via org.apache.santuario:xmlsec (>=1.4.2 <=1.5.5)
org.apache.santuario:xmlsec MAVEN version =1.4.2, =1.1.7, =1.1.9, =1.2.5, =1.2.1, =0.1.14, =12.1.0, =12.1.1, =12.1.2, =12.1.0, =12.1.4, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.0.112-RELEASE and more Source cves: CVE-2013-4517 Source advisory: OSV:GHSA-4P4W-6H54-G885...
br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0), br.com.esec.icpm:certillion-client-library-resteasy-plugin (>=1.1.9 <=1.1.10) +1741 more potentially affected by CVE-2021-40690 via org.apache.santuario:xmlsec (>=1.4.2 <=2.1.6)
org.apache.santuario:xmlsec MAVEN version =1.4.2, =1.1.7, =1.1.9, =1.2.5, =1.2.1, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0, =0.1.14, =12.1.0, =12.1.1, =16.0.4 and more Source cves: CVE-2021-40690 Source advisory:...
au.gov.nehta:clinical-document-packaging-library (=1.2.5), au.gov.nehta:common-library (>=1.1.1 <=1.2.1) +554 more potentially affected by CVE-2021-40690 via org.apache.santuario:xmlsec (>=2.2.0 <=2.2.2)
org.apache.santuario:xmlsec MAVEN version =2.2.0, =1.1.1, =1.6.1, =1.3.5, =1.1.0, =2021.8.0, =4.20.0, =5.6.2 - cn.lindianyu:ldy-component =1.0.1 and more Source cves: CVE-2021-40690 Source advisory: OSV:GHSA-J8WC-GXX9-82HX...
Arbitrary Code Injection
xmlsec is vulnerable to arbitrary code injection. An attacker is able to inject arbitrary code via the caching mechanism that was introduced to speed up the creation of new XML documents...
xmlsec XML External Entity Injection Vulnerability
xmlsec is a C-based library for implementing XML security standards. An XML external entity injection vulnerability exists in xmlsec 1.2.23 and earlier versions. An attacker could exploit this vulnerability to obtain information or cause a denial of service with the help of a specially crafted...
CVE-2017-1000061
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service...
CVE-2017-1000061
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service...