CVE-2023-36661 – Ubuntu Security Notice USN-6274-1
https://notcve.org/view.php?id=CVE-2023-36661
25 Jun 2023 — Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.) Jurien de Jong discovered that XMLTooling did not properly handle certain KeyInfo element content within an XML signature. An attacker could possibly use this issue to achieve server-side request forgery. • https://packetstorm.news/files/id/177229 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2019-9628 – Ubuntu Security Notice USN-3921-1
https://notcve.org/view.php?id=CVE-2019-9628
12 Mar 2019 — The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00079.html • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2015-0851 – Debian Security Advisory 3321-1
https://notcve.org/view.php?id=CVE-2015-0851
03 Aug 2015 — XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data. • http://shibboleth.net/community/advisories/secadv_20150721.txt • CWE-189: Numeric Errors •
CVE-2009-3476
https://notcve.org/view.php?id=CVE-2009-3476
29 Sep 2009 — Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL. • http://secunia.com/advisories/36869 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •