Search for packages
| purl | pkg:deb/debian/xml-security-c@3.0.0-2?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5vfa-7ndh-ubg5 | several |
CVE-2013-2154
|
| VCID-9tws-us7w-yfhq | Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow. |
CVE-2011-2516
|
| VCID-f468-uhj2-2bdv | heap overflow |
CVE-2013-2210
|
| VCID-jf41-fevz-rbcc | several |
CVE-2013-2155
|
| VCID-x1wh-fjsq-4yak | several |
CVE-2013-2153
|
| VCID-x9wc-g2hh-w7dc | several |
CVE-2013-2156
|
| VCID-z7ht-bq8z-3qgd | XML signature HMAC truncation authentication bypass This package uses a parameter that defines an HMAC truncation length (`HMACOutputLength`) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. |
CVE-2009-0217
GHSA-8hfm-837h-hjg5 |