Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by xmltooling_project
CVE-2019-9628 (GCVE-0-2019-9628)
Vulnerability from cvelistv5 – Published: 2019-04-11 19:26 – Updated: 2024-08-04 21:54
VLAI
Summary
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://shibboleth.net/community/advisories/secad… | x_refsource_MISC |
| https://usn.ubuntu.com/3921-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://wiki.shibboleth.net/confluence/display/SP… | x_refsource_MISC |
| https://bugs.launchpad.net/ubuntu/+source/xmltool… | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://security.netapp.com/advisory/ntap-2019061… | x_refsource_CONFIRM |
Date Public
2019-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://shibboleth.net/community/advisories/secadv_20190311.txt"
},
{
"name": "USN-3921-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3921-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912"
},
{
"name": "openSUSE-SU-2019:1235",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00079.html"
},
{
"name": "openSUSE-SU-2019:1276",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00095.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190611-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-11T22:06:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://shibboleth.net/community/advisories/secadv_20190311.txt"
},
{
"name": "USN-3921-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3921-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912"
},
{
"name": "openSUSE-SU-2019:1235",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00079.html"
},
{
"name": "openSUSE-SU-2019:1276",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00095.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190611-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://shibboleth.net/community/advisories/secadv_20190311.txt",
"refsource": "MISC",
"url": "https://shibboleth.net/community/advisories/secadv_20190311.txt"
},
{
"name": "USN-3921-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3921-1/"
},
{
"name": "https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories",
"refsource": "MISC",
"url": "https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912"
},
{
"name": "openSUSE-SU-2019:1235",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00079.html"
},
{
"name": "openSUSE-SU-2019:1276",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00095.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190611-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190611-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9628",
"datePublished": "2019-04-11T19:26:11.000Z",
"dateReserved": "2019-03-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0851 (GCVE-0-2015-0851)
Vulnerability from cvelistv5 – Published: 2015-08-12 14:00 – Updated: 2024-08-06 04:26
VLAI
Summary
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://shibboleth.net/community/advisories/secadv… | x_refsource_CONFIRM |
| https://git.shibboleth.net/view/?p=cpp-xmltooling… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/76134 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2015/dsa-3321 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2015-07-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://shibboleth.net/community/advisories/secadv_20150721.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.shibboleth.net/view/?p=cpp-xmltooling.git%3Ba=commitdiff%3Bh=2d795c731e6729309044607154978696a87fd900"
},
{
"name": "76134",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76134"
},
{
"name": "DSA-3321",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://shibboleth.net/community/advisories/secadv_20150721.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.shibboleth.net/view/?p=cpp-xmltooling.git%3Ba=commitdiff%3Bh=2d795c731e6729309044607154978696a87fd900"
},
{
"name": "76134",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76134"
},
{
"name": "DSA-3321",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3321"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-0851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://shibboleth.net/community/advisories/secadv_20150721.txt",
"refsource": "CONFIRM",
"url": "http://shibboleth.net/community/advisories/secadv_20150721.txt"
},
{
"name": "https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commitdiff;h=2d795c731e6729309044607154978696a87fd900",
"refsource": "CONFIRM",
"url": "https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commitdiff;h=2d795c731e6729309044607154978696a87fd900"
},
{
"name": "76134",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76134"
},
{
"name": "DSA-3321",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3321"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-0851",
"datePublished": "2015-08-12T14:00:00.000Z",
"dateReserved": "2015-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:26:11.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}