Search Results (Refine Search)
- Results Type: Overview
- Search Type: Search All
- CPE Vendor: cpe:/:xmltooling_project
- CPE Product: cpe:/:xmltooling_project:xmltooling
- CPE Product Version: cpe:/:xmltooling_project:xmltooling:1.4.4
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-9628 |
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. Published: April 11, 2019; 4:29:00 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-0851 |
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data. Published: August 12, 2015; 10:59:01 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |