Search for packages
| purl | pkg:deb/debian/libxml-security-java@1.4.3-2%2Bdeb6u1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2w4b-at7v-jfew
Aliases: CVE-2021-40690 GHSA-j8wc-gxx9-82hx |
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-c4p7-a674-mbgy
Aliases: CVE-2013-4517 GHSA-4p4w-6h54-g885 |
Affected by 1 other vulnerability. |
|
|
VCID-z1y7-dhpx-4yh1
Aliases: CVE-2013-2172 GHSA-r237-w2w6-jq3p |
Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T19:12:52.575581+00:00 | Debian Oval Importer | Affected by | VCID-2w4b-at7v-jfew | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T17:58:51.248830+00:00 | Debian Oval Importer | Affected by | VCID-c4p7-a674-mbgy | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T16:34:43.030066+00:00 | Debian Oval Importer | Affected by | VCID-z1y7-dhpx-4yh1 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T11:26:28.026536+00:00 | Debian Oval Importer | Affected by | VCID-2w4b-at7v-jfew | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 37.0.0 |
| 2025-08-01T09:29:15.537050+00:00 | Debian Oval Importer | Affected by | VCID-z1y7-dhpx-4yh1 | https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 | 37.0.0 |