Search criteria
2 vulnerabilities by xmltooling_project
CVE-2019-9628 (GCVE-0-2019-9628)
Vulnerability from cvelistv5 – Published: 2019-04-11 19:26 – Updated: 2024-08-04 21:54
VLAI?
Summary
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://shibboleth.net/community/advisories/secadv_20190311.txt"
},
{
"name": "USN-3921-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3921-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912"
},
{
"name": "openSUSE-SU-2019:1235",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00079.html"
},
{
"name": "openSUSE-SU-2019:1276",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00095.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190611-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-11T22:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://shibboleth.net/community/advisories/secadv_20190311.txt"
},
{
"name": "USN-3921-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3921-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912"
},
{
"name": "openSUSE-SU-2019:1235",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00079.html"
},
{
"name": "openSUSE-SU-2019:1276",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00095.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190611-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://shibboleth.net/community/advisories/secadv_20190311.txt",
"refsource": "MISC",
"url": "https://shibboleth.net/community/advisories/secadv_20190311.txt"
},
{
"name": "USN-3921-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3921-1/"
},
{
"name": "https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories",
"refsource": "MISC",
"url": "https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912"
},
{
"name": "openSUSE-SU-2019:1235",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00079.html"
},
{
"name": "openSUSE-SU-2019:1276",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00095.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190611-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190611-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9628",
"datePublished": "2019-04-11T19:26:11",
"dateReserved": "2019-03-07T00:00:00",
"dateUpdated": "2024-08-04T21:54:44.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0851 (GCVE-0-2015-0851)
Vulnerability from cvelistv5 – Published: 2015-08-12 14:00 – Updated: 2024-08-06 04:26
VLAI?
Summary
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://shibboleth.net/community/advisories/secadv_20150721.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.shibboleth.net/view/?p=cpp-xmltooling.git%3Ba=commitdiff%3Bh=2d795c731e6729309044607154978696a87fd900"
},
{
"name": "76134",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76134"
},
{
"name": "DSA-3321",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://shibboleth.net/community/advisories/secadv_20150721.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.shibboleth.net/view/?p=cpp-xmltooling.git%3Ba=commitdiff%3Bh=2d795c731e6729309044607154978696a87fd900"
},
{
"name": "76134",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76134"
},
{
"name": "DSA-3321",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3321"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-0851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://shibboleth.net/community/advisories/secadv_20150721.txt",
"refsource": "CONFIRM",
"url": "http://shibboleth.net/community/advisories/secadv_20150721.txt"
},
{
"name": "https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commitdiff;h=2d795c731e6729309044607154978696a87fd900",
"refsource": "CONFIRM",
"url": "https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commitdiff;h=2d795c731e6729309044607154978696a87fd900"
},
{
"name": "76134",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76134"
},
{
"name": "DSA-3321",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3321"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-0851",
"datePublished": "2015-08-12T14:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T04:26:11.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}