Search for packages
Package details: pkg:deb/debian/xmlsec1@1.2.9-5%2Blenny1
purl pkg:deb/debian/xmlsec1@1.2.9-5%2Blenny1
Next non-vulnerable version 1.2.27-2
Latest non-vulnerable version 1.2.27-2
Risk 10.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-7zat-xwhp-aaak
Aliases:
CVE-2011-1425
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
1.2.18-2
Affected by 1 other vulnerability.
VCID-9zw8-dcvx-aaae
Aliases:
CVE-2017-1000061
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service
1.2.27-2
Affected by 0 other vulnerabilities.
VCID-kdf2-e615-aaaj
Aliases:
CVE-2009-3736
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
1.2.14-1+squeeze1
Affected by 2 other vulnerabilities.
VCID-s9fq-hc6s-aaad
Aliases:
CVE-2009-0217
GHSA-8hfm-837h-hjg5
XML signature HMAC truncation authentication bypass This package uses a parameter that defines an HMAC truncation length (`HMACOutputLength`) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
1.2.14-1+squeeze1
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T16:28:17.913556+00:00 Debian Oval Importer Affected by VCID-9zw8-dcvx-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:23:58.461024+00:00 Debian Oval Importer Affected by VCID-7zat-xwhp-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:07:16.272319+00:00 Debian Oval Importer Affected by VCID-s9fq-hc6s-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:28:17.464499+00:00 Debian Oval Importer Affected by VCID-kdf2-e615-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-20T23:32:13.201409+00:00 Debian Oval Importer Affected by VCID-9zw8-dcvx-aaae None 36.1.3
2025-06-20T22:33:04.778237+00:00 Debian Oval Importer Affected by VCID-s9fq-hc6s-aaad None 36.1.3
2025-06-20T22:09:17.007950+00:00 Debian Oval Importer Affected by VCID-kdf2-e615-aaaj None 36.1.3
2025-06-20T19:30:26.584398+00:00 Debian Oval Importer Affected by VCID-7zat-xwhp-aaak None 36.1.3
2025-06-08T12:13:49.429976+00:00 Debian Oval Importer Affected by VCID-7zat-xwhp-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:13:20.778593+00:00 Debian Oval Importer Affected by VCID-s9fq-hc6s-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:57:20.544105+00:00 Debian Oval Importer Affected by VCID-9zw8-dcvx-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:54:34.125556+00:00 Debian Oval Importer Affected by VCID-kdf2-e615-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T09:14:11.643137+00:00 Debian Oval Importer Affected by VCID-9zw8-dcvx-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:09:59.780985+00:00 Debian Oval Importer Affected by VCID-7zat-xwhp-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:00:45.833768+00:00 Debian Oval Importer Affected by VCID-s9fq-hc6s-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:21:18.875863+00:00 Debian Oval Importer Affected by VCID-kdf2-e615-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T16:55:08.930207+00:00 Debian Oval Importer Affected by VCID-9zw8-dcvx-aaae None 36.1.0
2025-06-07T15:57:08.097770+00:00 Debian Oval Importer Affected by VCID-s9fq-hc6s-aaad None 36.1.0
2025-06-07T15:33:16.213301+00:00 Debian Oval Importer Affected by VCID-kdf2-e615-aaaj None 36.1.0
2025-06-07T13:27:15.891750+00:00 Debian Oval Importer Affected by VCID-7zat-xwhp-aaak None 36.1.0
2025-04-12T17:59:31.844530+00:00 Debian Oval Importer Affected by VCID-7zat-xwhp-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:59:02.243089+00:00 Debian Oval Importer Affected by VCID-s9fq-hc6s-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:42:32.074178+00:00 Debian Oval Importer Affected by VCID-9zw8-dcvx-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:39:41.622368+00:00 Debian Oval Importer Affected by VCID-kdf2-e615-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T07:46:09.769865+00:00 Debian Oval Importer Affected by VCID-9zw8-dcvx-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:41:51.496511+00:00 Debian Oval Importer Affected by VCID-7zat-xwhp-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:33:06.071262+00:00 Debian Oval Importer Affected by VCID-s9fq-hc6s-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:53:57.074923+00:00 Debian Oval Importer Affected by VCID-kdf2-e615-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T15:28:08.635662+00:00 Debian Oval Importer Affected by VCID-9zw8-dcvx-aaae None 36.0.0
2025-04-07T14:28:10.237324+00:00 Debian Oval Importer Affected by VCID-s9fq-hc6s-aaad None 36.0.0
2025-04-07T14:04:14.837351+00:00 Debian Oval Importer Affected by VCID-kdf2-e615-aaaj None 36.0.0
2025-04-07T12:02:47.174102+00:00 Debian Oval Importer Affected by VCID-7zat-xwhp-aaak None 36.0.0
2024-11-28T05:05:27.229577+00:00 Debian Oval Importer Affected by VCID-7zat-xwhp-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T09:54:18.655489+00:00 Debian Oval Importer Affected by VCID-kdf2-e615-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T00:23:09.741847+00:00 Debian Oval Importer Affected by VCID-s9fq-hc6s-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-13T18:25:48.246127+00:00 Debian Oval Importer Affected by VCID-7zat-xwhp-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T05:23:48.232240+00:00 Debian Oval Importer Affected by VCID-kdf2-e615-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-12T22:48:29.347361+00:00 Debian Oval Importer Affected by VCID-s9fq-hc6s-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-21T01:50:41.063659+00:00 Debian Oval Importer Affected by VCID-7zat-xwhp-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T20:38:22.150312+00:00 Debian Oval Importer Affected by VCID-kdf2-e615-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T18:13:05.949683+00:00 Debian Oval Importer Affected by VCID-s9fq-hc6s-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1