cvebase

Debian Xmlsec1 vulnerabilities

4 known vulnerabilities affecting debian/xmlsec1.

Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2, LOW 1

Vulnerabilities

CVE-2011-1425 | P3 | MEDIUM | CVSS 5.1 | PoC | fixed in xmlsec1 1.2.14-1.1 (bookworm) | 2011
CVE-2011-1425 [MEDIUM] xmlsec1: xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
Scope: local
bookworm: resolved (fixed in 1.2.14-1.1); bullseye: resolved (fix
debian
CVE-2009-0217 | P3 | MEDIUM | CVSS 5.0 | fixed in mono 2.4.2.3+dfsg-1 (bookworm) | 2009
CVE-2009-0217 [MEDIUM] mono: The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML
debian
CVE-2017-1000061 | P4 | HIGH | CVSS 7.1 | fixed in xmlsec1 1.2.24-1 (bookworm) | 2017
CVE-2017-1000061 [HIGH] xmlsec1: xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service.
Scope: local
bookworm: resolved (fixed in 1.2.24-1); bullseye: resolved (fixed in 1.2.24-1); forky: resolved (fixed in 1.2.24-1); sid: resolved (fixed in 1.2.24-1); trixie: resolved (fixed in
debian
CVE-2009-3736 | P4 | LOW | CVSS 6.9 | fixed in clamav 0.95+dfsg-1 (bookworm) | 2009
CVE-2009-3736 [MEDIUM] bochs: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian