Lucene search
+L

33 matches found

Snyk
Snyk
added 2026/07/02 8:27 p.m.8 views

Improper Neutralization of Data within XPath Expressions ('XPath Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Data within XPath Expressions 'XPath Injection' through the XPath Transform process. An attacker can cause the application to become unresponsive or crash by sending specially crafted messages that exploit thi...

8.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/02 8:27 p.m.6 views

Improper Neutralization of Data within XPath Expressions ('XPath Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Data within XPath Expressions 'XPath Injection' through the XPath Transform process. An attacker can cause the application to become unresponsive or crash by sending specially crafted messages that exploit thi...

8.7CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-2083

Malware in sbrugna...

7.5CVSS6.4AI score0.1121EPSS
Exploits0References42
RedHat Linux
RedHat Linux
added 2025/04/28 12:20 a.m.9 views

xml-security: XPath Transform abuse allows for information disclosure

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

7.5CVSS6.7AI score0.1121EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.5 views

SUSE CVE-2021-40690

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

7.5CVSS6.4AI score0.1121EPSS
Exploits0References3
OSV
OSV
added 2022/07/20 10:47 a.m.6 views

USN-5525-1 libxml-security-java vulnerability

It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an attacker to abuse an XPath Transform to extract sensitive information...

7.5CVSS6.8AI score0.1121EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2022/07/20 10:47 a.m.70 views

USN-5525-1: Apache XML Security for Java vulnerability

It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an attacker to abuse an XPath Transform to extract sensitive information...

7.5CVSS6.7AI score0.1121EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.2 views

xml-security: XPath Transform abuse allows for information disclosure

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

7.5CVSS6.7AI score0.1121EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/02/09 4:18 p.m.48 views

Moderate: Red Hat Security Advisory: Red Hat Integration - Service Registry release and security update [2.0.3.GA]

An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact o...

7.5CVSS6.7AI score0.1121EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/02/09 4:18 p.m.5 views

xml-security: XPath Transform abuse allows for information disclosure

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

7.5CVSS6.7AI score0.1121EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/01/17 9:33 p.m.3 views

xml-security: XPath Transform abuse allows for information disclosure

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

7.5CVSS6.7AI score0.1121EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/01/17 9:33 p.m.4 views

xml-security: XPath Transform abuse allows for information disclosure

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

7.5CVSS6.7AI score0.1121EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/01/17 12:2 p.m.64 views

Moderate: Red Hat Security Advisory: EAP XP 2 security update to CVE fixes in the EAP 7.3.x base

This advisory resolves CVE issues filed against XP2 releases that have been fixed in the underlying EAP 7.3.x base. There are no changes to the EAP XP2 code base. NOTE: This advisory is informational only. There are no code changes associated with it. No action is required. Red Hat Product Securi...

7.8CVSS6.7AI score0.1121EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2021/12/15 7:8 p.m.4 views

xml-security: XPath Transform abuse allows for information disclosure

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

7.5CVSS6.7AI score0.1121EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/12/15 7:8 p.m.38 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.10 security update

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS6.7AI score0.1121EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2021/12/15 2:42 p.m.4 views

xml-security: XPath Transform abuse allows for information disclosure

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

7.5CVSS6.7AI score0.1121EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2021/11/17 12:0 a.m.22 views

Debian: Security Advisory (DSA-5010-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.1121EPSS
Exploits0References4
Debian
Debian
added 2021/11/15 5:27 p.m.43 views

[SECURITY] [DSA 5010-1] libxml-security-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5010-1 [email protected] https://www.debian.org/security/ Markus Koschany November 15, 2021 https://www.debian.org/security/faq -...

7.5CVSS7.4AI score0.1121EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2021/11/15 5:5 p.m.4 views

xml-security: XPath Transform abuse allows for information disclosure

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

7.5CVSS6.7AI score0.1121EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2021/10/06 8:58 a.m.46 views

CVE-2021-40690

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

7.5CVSS4.5AI score0.1121EPSS
Exploits0References4
Rows per page
Query Builder