Search CVE reports


Toggle filters

1 – 8 of 8 results


CVE-2024-34580

Medium priority
Needs evaluation

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on...

1 affected package

xml-security-c

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
xml-security-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2013-2210

Medium priority

Some fixes available 3 of 4

Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash)...

1 affected package

xml-security-c

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
xml-security-c
Show less packages

CVE-2013-2156

Medium priority
Fixed

Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of...

1 affected package

xml-security-c

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
xml-security-c
Show less packages

CVE-2013-2155

Medium priority
Fixed

Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and...

1 affected package

xml-security-c

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
xml-security-c
Show less packages

CVE-2013-2154

Low priority
Fixed

Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial...

1 affected package

xml-security-c

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
xml-security-c
Show less packages

CVE-2013-2153

Medium priority
Fixed

The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content...

1 affected package

xml-security-c

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
xml-security-c
Show less packages

CVE-2011-2516

Medium priority

Some fixes available 3 of 16

Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using...

2 affected packages

shibboleth-sp2, xml-security-c

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shibboleth-sp2 Not affected
xml-security-c Not affected
Show less packages

CVE-2009-0217

Medium priority

Some fixes available 11 of 23

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and...

7 affected packages

libreoffice, libxml-security-java, mono, openjdk-6, openoffice.org...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libreoffice
libxml-security-java
mono
openjdk-6
openoffice.org
xml-security-c
xmlsec1
Show all 7 packages Show less packages