Search for packages
| purl | pkg:deb/debian/xml-security-c@1.5.1-3%2Bsqueeze3 |
| Next non-vulnerable version | 1.7.3-4+deb9u3 |
| Latest non-vulnerable version | 1.7.3-4+deb9u3 |
| Risk | 0.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5vfa-7ndh-ubg5
Aliases: CVE-2013-2154 |
several |
Affected by 6 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-9tws-us7w-yfhq
Aliases: CVE-2011-2516 |
Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow. |
Affected by 6 other vulnerabilities. |
|
VCID-f468-uhj2-2bdv
Aliases: CVE-2013-2210 |
heap overflow |
Affected by 6 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-jf41-fevz-rbcc
Aliases: CVE-2013-2155 |
several |
Affected by 6 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-x1wh-fjsq-4yak
Aliases: CVE-2013-2153 |
several |
Affected by 6 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-x9wc-g2hh-w7dc
Aliases: CVE-2013-2156 |
several |
Affected by 6 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-yab9-4unt-nfbj
Aliases: DSA-4265-1 xml-security-c |
security update |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-z7ht-bq8z-3qgd | XML signature HMAC truncation authentication bypass This package uses a parameter that defines an HMAC truncation length (`HMACOutputLength`) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. |
CVE-2009-0217
GHSA-8hfm-837h-hjg5 |