EUVD-2009-3456

Malware in sbrugna...

Ubuntu 16.04 ESM : XMLTooling vulnerability (USN-6274-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6274-1 advisory. Jurien de Jong discovered that XMLTooling did not properly handle certain KeyInfo element content within an XML signature. An attacker could possibly use this iss...

DEBIAN-CVE-2023-36661

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : XMLTooling vulnerability (USN-3921-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3921-1 advisory. It was discovered that XMLTooling incorrectly handled certain XML files with invalid data. An attacker could use this issue to cause...

CVE-2009-3474

OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just...