VYPR

Santuario XML Security For Java

by Apache

Source repositories

CVEs (7)

  • CVE-2019-12400MedAug 23, 2019
    risk 0.36cvss 5.5epss 0.01

    In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class…

  • CVE-2013-2156Aug 20, 2013
    risk 0.01cvss epss 0.08

    Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary…

  • CVE-2013-2154Aug 20, 2013
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute…

  • CVE-2014-8152Jan 21, 2015
    risk 0.00cvss epss 0.06

    Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.

  • CVE-2013-4517Jan 11, 2014
    risk 0.00cvss epss 0.09

    Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

  • CVE-2013-2172Aug 20, 2013
    risk 0.00cvss epss 0.06

    jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak…

  • CVE-2013-2155Aug 20, 2013
    risk 0.00cvss epss 0.06

    Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the…