GHSA-8HFM-837H-HJG5 Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in multiple products. Apache XML Security for Java is affected by the vulnerability published in US-CERT VU 466161. See: http://www.kb.cert.org/vuls/id/466161 for more information. This bug can allow ...
[SECURITY] Fedora 34 Update: golang-gopkg-src-d-git-4-4.13.1-7.fc34
A highly extensible Git implementation in pure Go...
[SECURITY] Fedora 35 Update: golang-gopkg-src-d-git-4-4.13.1-7.fc35
A highly extensible Git implementation in pure Go...
XWiki Commons code issue vulnerability
XWiki Commons is a technology library shared by several other top-level XWiki projects. A security vulnerability exists in XWiki Commons in which a script can access any file accessible to the user running the XWiki application server, via XML script injection using XML external entities...
libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system...
The vulnerability of the wddx_stack_destroy function in the PHP programming language allows a hacker to trigger a service failure or potentially cause other effects.
The vulnerability of the wddx_stack_destroy function in ext/wddx/wddx.c in the PHP programming language is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause service interruptions or potentially have other effects through an XML documen...
The vulnerability of the ext/wddx/wddx.c component of the PHP interpreter allows an attacker to cause a service failure.
The vulnerability of the ext/wddx/wddx.c component of the PHP programming language interpreter is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause service failures by sending invalid XML documents...
FANUC ROBOGUIDE code issue vulnerability
FANUC ROBOGUIDE is a robot simulation software from FANUC Japan. FANUC ROBOGUIDE v9.40083.00.05 and earlier versions contain an XML external entity injection vulnerability, which originates from the application's lack of restrictions on external entities. An attacker could exploit this vulnerability to...
CVE-2021-28505
On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol...
PT-2022-2397 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 1.4.2 Description: The issue is related to a lack of validation of XML object sequences, which can be exploited by a remote attacker to conduct SQL injection attacks. This can occur in chart data requests. Th...
Google Chrome security vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability previously existed in Google Chrome version 109.0.5414.119, which stemmed from an improper XML implementation...
Arista Strata security vulnerability
Arista Networks Arista Strata is a network switch from Arista Networks. A security vulnerability exists in the Arista Strata that stems from a mismatch in the IP protocol field between a rule in a port's IPv4 access list and a rule on a "vxlan" as a protocol...
The vulnerability of the XML DOM implementation lies in the lack of mechanisms for encoding or escaping output data, allowing attackers to compromise the integrity of the data.
The vulnerability of the XML DOM implementation is related to improper filtering of special characters. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...
The vulnerability of the XML syntax analyzer library libexpat, related to integer overflow, allows an attacker to execute arbitrary code.
The vulnerability of the XML syntax analyzer library libexpat is related to integer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted data...
ALPINE-CVE-2022-24763
PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds...
PJSIP security vulnerability
PJSIP is a free open source multimedia communications library written in C. A denial-of-service vulnerability exists in PJSIP that could be exploited by attackers to affect PJSIP users who use PJSIP XML parsing in their applications...
Vulnerability fixed in Arista EOS switches
Arista has fixed a vulnerability in switches running on the EOS platform. The vulnerability is in the way VXLAN access rules are processed on the IPv4 stack. Because this does not the access rule can be dropped in certain circumstances, allowing network traffic to pass unauthorized. Not all switch...
CVE-2022-28154
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
expat: Integer overflow in defineAttribute in xmlparse.c
expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...
[SECURITY] Fedora 34 Update: httpd-2.4.53-1.fc34
The Apache HTTP Server is a powerful, efficient, and extensible web server...