apache xml security for c vulnerabilities and exploits

(subscribe to this query)

Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) prior to 1.7.2 allows context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPo...

Apache Xml Security For C++ 1.6.0 Apache Xml Security For C++ 1.1.0 Apache Xml Security For C++ 1.6.1 Apache Xml Security For C++ 1.2.1 Apache Xml Security For C++ 1.5.1 Apache Xml Security For C++ 1.5.0 Apache Xml Security For C++ 0.2.0 Apache Xml Security For C++ 1.3.0 Apache Xml Security For C++ 1.7.0 Apache Xml Security For C++Apache Xml Security For C++ 1.4.0 Apache Xml Security For C++ 1.3.1 Apache Xml Security For C++ 1.2.0 Apache Xml Security For C++ 0.1.0

The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) prior to 1.7.1 allows context-dependent malicious users to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signat...

Apache Xml Security For C++ 1.6.0 Apache Xml Security For C++ 1.1.0 Apache Xml Security For C++ 1.6.1 Apache Xml Security For C++ 1.2.1 Apache Xml Security For C++ 1.5.1 Apache Xml Security For C++ 1.5.0 Apache Xml Security For C++ 0.2.0 Apache Xml Security For C++ 1.3.0 Apache Xml Security For C++Apache Xml Security For C++ 1.4.0 Apache Xml Security For C++ 1.3.1 Apache Xml Security For C++ 1.2.0 Apache Xml Security For C++ 0.1.0

Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) prior to 1.7.1 allows context-dependent malicious users to cause a denial of service (crash) and possibly execute a...

Apache Xml Security For C++ 1.6.0 Apache Xml Security For C++ 1.1.0 Apache Xml Security For C++ 1.6.1 Apache Xml Security For C++ 1.2.1 Apache Xml Security For C++ 1.5.1 Apache Xml Security For C++ 1.5.0 Apache Xml Security For C++ 0.2.0 Apache Xml Security For C++ 1.3.0 Apache Xml Security For C++Apache Xml Security For C++ 1.4.0 Apache Xml Security For C++ 1.3.1 Apache Xml Security For C++ 1.2.0 Apache Xml Security For C++ 0.1.0

Apache Santuario XML Security for C++ (aka xml-security-c) prior to 1.7.1 does not properly validate length values, which allows remote malicious users to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to...

Apache Xml Security For C++ 1.6.0 Apache Xml Security For C++ 1.1.0 Apache Xml Security For C++ 1.6.1 Apache Xml Security For C++ 1.2.1 Apache Xml Security For C++ 1.5.1 Apache Xml Security For C++ 1.5.0 Apache Xml Security For C++ 0.2.0 Apache Xml Security For C++ 1.3.0 Apache Xml Security For C++Apache Xml Security For C++ 1.4.0 Apache Xml Security For C++ 1.3.1 Apache Xml Security For C++ 1.2.0 Apache Xml Security For C++ 0.1.0

Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) prior to 1.7.1 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitr...

Apache Xml Security For C++ 1.6.0 Apache Xml Security For C++ 1.1.0 Apache Xml Security For C++ 1.6.1 Apache Xml Security For C++ 1.2.1 Apache Xml Security For C++ 1.5.1 Apache Xml Security For C++ 1.5.0 Apache Xml Security For C++ 0.2.0 Apache Xml Security For C++ 1.3.0 Apache Xml Security For C++Apache Xml Security For C++ 1.4.0 Apache Xml Security For C++ 1.3.1 Apache Xml Security For C++ 1.2.0 Apache Xml Security For C++ 0.1.0

Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and previous versions allows context-dependent malicious users to have unspecified impact via an invalid character in an XML document.

Apache Xerces-c++Opensuse Opensuse 13.2

Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth prior to 2.4.3 and possibly other products, allows remote malicious users to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer ...

Apache Xml Security For C++ 1.6.0 Shibboleth Shibboleth-sp 1.3.2 Shibboleth Shibboleth-sp 1.3.3 Shibboleth Shibboleth-sp Shibboleth Shibboleth-sp 2.4.1 Shibboleth Shibboleth-sp 1.3.4 Shibboleth Shibboleth-sp 2.2 Shibboleth Shibboleth-sp 2.1 Shibboleth Shibboleth-sp 1.3f Shibboleth Shibboleth-sp 2.0 Shibboleth Shibboleth-sp 2.4 Shibboleth Shibboleth-sp 2.2.1 Shibboleth Shibboleth-sp 2.3.1 Shibboleth Shibboleth-sp 2.3 Shibboleth Shibboleth-sp 1.3.1 Shibboleth Shibboleth-sp 1.3.5

The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent malicious users to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that t...

Libexpat Project Libexpat 2.0.1 Apache Http Server

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent malicious users to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-re...

Libexpat Project Libexpat 2.0.1 Apache Http Server

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be ...

Apache Xerces-c++Redhat Enterprise Linux Desktop 7.0 Redhat Enterprise Linux Workstation 7.0 Redhat Enterprise Linux Server 7.0 Redhat Enterprise Linux Desktop 6.0 Redhat Enterprise Linux Server 6.0 Redhat Enterprise Linux Workstation 6.0 Redhat Enterprise Linux Server Aus 7.7 Redhat Enterprise Linux Server Tus 7.7 Redhat Enterprise Linux Eus 7.7 Debian Debian Linux 9.0 Debian Debian Linux 10.0 Oracle Goldengate

1 2 3 4 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook