713 matches found
OPENSUSE-SU-2022:0012-1 Security update for prosody
This update for prosody fixes the following issues: Update to 0.11.12: CVE-2022-0217: util.xml: Do not allow doctypes, comments or processing instructions bsc1194596...
Debian DLA-2871-1 : lxml - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2871 advisory. - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass...
Security Bulletin: IBM App Connect Enterprise Certified Container operator may be affected by CVE-2020-29510
Summary: The operator for IBM App Connect Enterprise Certified Container may be affected by CVE-2020-29510 if the operator is made to process XML. Vulnerability Details: CVEID: CVE-2020-29510. DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by the failure ...
AZL-7025 CVE-2021-43818 affecting package python-lxml for versions less than 4.8.0-1
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
Hardcoded credentials
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
The vulnerability of the installation files of Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Small Office Security, and Kaspersky Security Cloud allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of installation files of Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Small Office Security, and Kaspersky Security Cloud antivirus products is related to errors in processing XML requests. Exploiting this vulnerability can allow attacke...
RLSA-2021:4158 Moderate: python-lxml security update
lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957). For more details about the security issues, including the...
python-lxml security update
An update is available for python-lxml. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. lxml is an XML processing library providing access to libxml2 and libxslt...
ALSA-2021:4158 Moderate: python-lxml security update
lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957). For more details about the security issues, including the...
CVE-2021-35496
The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AW...
CVE-2021-35496 TIBCO JasperReports XML External Entity (XXE) vulnerability
The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AW...
CVE-2021-35496
The CVE-2021-35496 entry concerns the XMLA Connections component in TIBCO JasperReports Server (and variants) with a low-privilege, network-accessible attacker able to interfere with XML processing. Affected products/releases include JasperReports Server 7.2.1 and below, 7.5.0/7.5.1, 7.8.0, 7.9.0...
TIBCO Software JasperReports Server code issue vulnerability
Tibco Software TIBCO Software JasperReports Server is an embeddable reporting server from TIBCO Software USA that provides reporting and analytics functionality that can be embedded into web or mobile devices. A code issue vulnerability exists in TIBCO Software JasperReports Server, which arises...
XML External Entity Reference in Apache Jena
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server...
GHSA-7RP6-W7MG-H8RW XML External Entity Reference in Apache Jena
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server...
XML External Entity (XXE)
jena-core is vulnerable to XML external entity. An attacker is able to execute XML External Entities (XXE) due to lack of secure XML processing, subsequently exposing the contents of local files to a remote server...
DEBIAN-CVE-2021-39239
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server...
CVE-2021-39239
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server...