5 matches found
libxml: Heap use after free (UAF) leads to Denial of service (DoS)
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...
libxml: Null pointer dereference leads to Denial of service (DoS)
A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service...
The vulnerability of Mozilla Firefox and Firefox ESR browsers, as well as the Thunderbird email client, stems from an operation that goes beyond the buffer boundaries in memory. This allows attackers to gain unauthorized access to protected information.
The vulnerabilities in the Mozilla Firefox and Firefox ESR browsers, as well as the Thunderbird email client, involve operations performed beyond buffer boundaries in memory during the processing of XPath expressions. Exploiting this vulnerability can allow an attacker to gain...
GHSA-WRX5-RP7M-MM49 Withdrawn: CVE Rejected: JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions
This advisory has been withdrawn due to the CVE being rejected. Original advisory text: Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing an XPath string are vulnerable except compile and...
CVE-2022-34812
A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions...