Search CVE reports
1 – 3 of 3 results
Some fixes available 2 of 4
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service
1 affected package
xmlsec1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xmlsec1 | — | Not affected | Not affected | Not affected |
Some fixes available 2 of 6
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output...
1 affected package
xmlsec1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xmlsec1 | — | — | — | — |
Some fixes available 11 of 23
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and...
7 affected packages
mono, libreoffice, libxml-security-java, openjdk-6, openoffice.org...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mono | — | — | — | — |
| libreoffice | — | — | — | — |
| libxml-security-java | — | — | — | — |
| openjdk-6 | — | — | — | — |
| openoffice.org | — | — | — | — |
| xml-security-c | — | — | — | — |
| xmlsec1 | — | — | — | — |