CVSS: 7.5EPSS: 7%CPEs: 16EXPL: 1CVE-2011-2516
https://notcve.org/view.php?id=CVE-2011-2516
11 Jul 2011 — Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow. Error de superación de límite (off-by-one) en la característica de firma XML en Apache XML Security para C++ v1.6.0,usado en Shibboleth anterior a v2.4.3 y posiblemente otros productos, permite a atacantes remotos provocar una den... • http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063159.html • CWE-189: Numeric Errors •
CVSS: 9.1EPSS: 1%CPEs: 14EXPL: 0CVE-2009-3474
https://notcve.org/view.php?id=CVE-2009-3474
29 Sep 2009 — OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate. OpenSAML v2.x anterior a v2.2.1 y XMLTooling v1.x anterior a v1.2.1, utilizado por Internet2 Shibboleth Service Provider v2.x ... • http://secunia.com/advisories/36855 • CWE-310: Cryptographic Issues •