rpm package
suse/xmltooling&distro=SUSE Linux Enterprise Software Development Kit 12 SP3
pkg:rpm/suse/xmltooling&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-9628 | — | < 1.5.6-3.9.1 | 1.5.6-3.9.1 | Apr 11, 2019 | The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propaga | ||
| CVE-2018-0489 | — | < 1.5.6-3.6.1 | 1.5.6-3.6.1 | Feb 27, 2018 | Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML da | ||
| CVE-2018-0486 | — | < 1.5.6-3.3.2 | 1.5.6-3.3.2 | Jan 13, 2018 | Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a craf |
- CVE-2019-9628Apr 11, 2019affected < 1.5.6-3.9.1fixed 1.5.6-3.9.1
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propaga
- CVE-2018-0489Feb 27, 2018affected < 1.5.6-3.6.1fixed 1.5.6-3.6.1
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML da
- CVE-2018-0486Jan 13, 2018affected < 1.5.6-3.3.2fixed 1.5.6-3.3.2
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a craf