VulnerableCode Package Details - pkg:deb/debian/libxml-security-java@1.5.6-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-95nw-fscc-aaaa Aliases: CVE-2021-40690 GHSA-j8wc-gxx9-82hx	Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario	2.0.10-2+deb10u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.0.10-2+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-95nw-fscc-aaaa
Aliases:
CVE-2021-40690
GHSA-j8wc-gxx9-82hx

Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario

2.0.10-2+deb10u1
Affected by 2 other vulnerabilities.

2.0.10-2+deb11u1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-54af-zg2e-aaan	Cryptographic Issues Attackers could spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak canonicalization algorithm to apply to the `SignedInfo` part of the Signature.	CVE-2013-2172 GHSA-r237-w2w6-jq3p
VCID-f3nz-xu8d-aaar	Uncontrolled Resource Consumption When applying Transforms, remote attackers could cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.	CVE-2013-4517 GHSA-4p4w-6h54-g885

Vulnerability

Summary

Aliases

VCID-54af-zg2e-aaan

Cryptographic Issues Attackers could spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak canonicalization algorithm to apply to the `SignedInfo` part of the Signature.

CVE-2013-2172
GHSA-r237-w2w6-jq3p

VCID-f3nz-xu8d-aaar

Uncontrolled Resource Consumption When applying Transforms, remote attackers could cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

CVE-2013-4517
GHSA-4p4w-6h54-g885

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T17:47:31.373420+00:00	Debian Oval Importer	Fixing	VCID-f3nz-xu8d-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T14:11:40.295979+00:00	Debian Oval Importer	Affected by	VCID-95nw-fscc-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:31:49.914515+00:00	Debian Oval Importer	Fixing	VCID-54af-zg2e-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T00:07:02.379302+00:00	Debian Oval Importer	Affected by	VCID-95nw-fscc-aaaa	None	36.1.3
2025-06-20T21:36:36.244525+00:00	Debian Oval Importer	Fixing	VCID-f3nz-xu8d-aaar	None	36.1.3
2025-06-20T19:46:25.737729+00:00	Debian Oval Importer	Fixing	VCID-54af-zg2e-aaan	None	36.1.3
2025-06-08T10:20:31.609575+00:00	Debian Oval Importer	Fixing	VCID-f3nz-xu8d-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T07:05:00.791683+00:00	Debian Oval Importer	Affected by	VCID-95nw-fscc-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:25:53.304922+00:00	Debian Oval Importer	Fixing	VCID-54af-zg2e-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T17:29:49.514424+00:00	Debian Oval Importer	Affected by	VCID-95nw-fscc-aaaa	None	36.1.0
2025-06-07T14:59:14.084945+00:00	Debian Oval Importer	Fixing	VCID-f3nz-xu8d-aaar	None	36.1.0
2025-06-07T13:38:32.294648+00:00	Debian Oval Importer	Fixing	VCID-54af-zg2e-aaan	None	36.1.0
2025-04-12T21:52:49.441287+00:00	Debian Oval Importer	Affected by	VCID-95nw-fscc-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T20:57:27.217378+00:00	Debian Oval Importer	Fixing	VCID-f3nz-xu8d-aaar	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T19:53:41.897505+00:00	Debian Oval Importer	Fixing	VCID-54af-zg2e-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T16:01:31.089146+00:00	Debian Oval Importer	Fixing	VCID-f3nz-xu8d-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T05:37:40.532037+00:00	Debian Oval Importer	Affected by	VCID-95nw-fscc-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:58:10.763624+00:00	Debian Oval Importer	Fixing	VCID-54af-zg2e-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T16:04:20.051485+00:00	Debian Oval Importer	Affected by	VCID-95nw-fscc-aaaa	None	36.0.0
2025-04-07T13:31:06.962103+00:00	Debian Oval Importer	Fixing	VCID-f3nz-xu8d-aaar	None	36.0.0
2025-04-07T12:13:55.589821+00:00	Debian Oval Importer	Fixing	VCID-54af-zg2e-aaan	None	36.0.0
2024-12-31T11:36:14.114169+00:00	Debian Oval Importer	Fixing	VCID-54af-zg2e-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	35.0.0
2024-10-15T07:45:27.188801+00:00	Debian Oval Importer	Fixing	VCID-54af-zg2e-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.2
2024-10-05T05:36:35.687586+00:00	Debian Oval Importer	Fixing	VCID-54af-zg2e-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.1