Lucene search

119 matches found

CNNVD
added 2026/03/27 12:0 a.m. | 2 views

Inkscape Code Issue Vulnerability

Inkscape is an open-source graphics editor developed by the Inkscape project. Versions prior to Inkscape 1.3 contain a code issue vulnerability. It stems from the XInclude processing component, which allows local file leaks. This could enable remote attackers to access...

CVSS 6.3 | AI score 5.8 | EPSS 0.00041
Exploits: 1 | References: 2
CVE
added 2026/03/25 10:52 p.m. | 6 views

CVE-2026-33913

OpenEMR is affected by a CCDA import vulnerability (XInclude Injection) in the Carecoordination module prior to v8.0.0.3. An authenticated user can upload a crafted CCDA containing to read arbitrary server files. The issue is mitigated by upgrading to OpenEMR v8.0.0.3. The CVSS details indicate ...

CVSS 7.7 | AI score 5.9 | EPSS 0.0007
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2026/03/25 10:52 p.m. | 21 views

CVE-2026-33913 OpenEMR: XInclude Injection in CCDA Import Allows Reading Arbitrary Server Files

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing to read arbitrary files from the server. Version 8.0.0....

CVSS 7.7 | EPSS 0.0007
Exploits: 1 | References: 3
Vulnrichment
added 2026/03/25 10:52 p.m. | 1 view

CVE-2026-33913 OpenEMR: XInclude Injection in CCDA Import Allows Reading Arbitrary Server Files

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing to read arbitrary files from the server. Version 8.0.0....

CVSS 7.7 | AI score 5.9 | EPSS 0.0007
Exploits: 1 | References: 3
RedhatCVE
added 2026/02/07 7:31 p.m. | 6 views

CVE-2026-23739

A flaw was found in Asterisk. The astxmlopen function in xml.c processes XML documents using libxml with unsafe parsing options, enabling entity expansion and XInclude processing. A remote attacker can exploit this by providing specially crafted XML input, leading to XML External Entity (XXE) or...

CVSS 6.5 | AI score 5.6 | EPSS 0.00074
Exploits: 0 | References: 4
NVD
added 2026/02/06 5:16 p.m. | 6 views

CVE-2026-23739

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the astxmlopen function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

CVSS 6.5 | EPSS 0.00074
Exploits: 0 | References: 1
UbuntuCve
added 2026/02/06 5:16 p.m. | 3 views

CVE-2026-23739

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the astxmlopen function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

CVSS 6.5 | AI score 5.7 | EPSS 0.00074
Exploits: 0 | References: 2
Vulnrichment
added 2026/02/06 4:42 p.m. | 2 views

CVE-2026-23739 Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the astxmlopen function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

CVSS 2 | AI score 5.4 | EPSS 0.00074
Exploits: 0 | References: 1
EUVD
added 2026/02/06 4:42 p.m. | 4 views

EUVD-2026-5646

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the astxmlopen function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

CVSS 2 | AI score 5.4 | EPSS 0.00074
Exploits: 0 | References: 1
OSV
added 2026/02/06 4:42 p.m. | 5 views

CVE-2026-23739 Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the astxmlopen function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

CVSS 2 | AI score 5.5 | EPSS 0.00074
Exploits: 0 | References: 3
AlpineLinux
added 2026/02/06 4:42 p.m. | 3 views

CVE-2026-23739

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the astxmlopen function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

CVSS 6.5 | AI score 5.5 | EPSS 0.00074
Exploits: 0 | References: 1
Cvelist
added 2026/02/06 4:42 p.m. | 29 views

CVE-2026-23739 Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the astxmlopen function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

CVSS 2 | EPSS 0.00074
Exploits: 0 | References: 1
Tenable Nessus
added 2026/01/19 12:0 a.m. | 3 views

MiracleLinux 8 : libxml2-2.9.7-9.el8.2 (AXSA:2021-2193:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2193:02 advisory. libxml2: Use-after-free in xmlEncodeEntitiesInternal in entities.c CVE-2021-3516 libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal in...

CVSS 8.8 | AI score 7.9 | EPSS 0.00381
Exploits: 1 | References: 6
Tenable Nessus
added 2025/10/29 12:0 a.m. | 5 views

Siemens SIMATIC Devices Use After Free (CVE-2024-25062)

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. This plugin only works with Tenable.ot. Please...

CVSS 7.5 | AI score 6.6 | EPSS 0.00165
Exploits: 3 | References: 5
OSV
added 2025/10/17 5:40 p.m. | 2 views

JLSEC-2025-85 xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free...

CVSS 8.1 | AI score 7 | EPSS 0.00222
Exploits: 0 | References: 2
Redos
added 2025/08/14 12:0 a.m. | 2 views

ROS-20250814-07

A vulnerability in the libxml2 library is related to a use-after-free error in the function xmlXIncludeAddNode in xinclude.c. Exploitation of the vulnerability could allow an attacker acting remotely to compromise a vulnerable system...

CVSS 8.1 | AI score 7 | EPSS 0.00222
Exploits: 0
Broadcom
added 2025/03/07 12:0 a.m. | 15 views

Use-after-free in xmlValidatePopElement() using XMLReader API (CVE-2024-25062)

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

CVSS 7.5 | AI score 7.1 | EPSS 0.00165
Exploits: 3
OSV
added 2025/02/14 12:11 p.m. | 2 views

OESA-2025-1104 libxml2 security update

This library allows manipulating XML files. It includes support for reading, modifying and writing XML and HTML files. There is DTD support, which includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 8.1 | AI score 6.9 | EPSS 0.00222
Exploits: 0 | References: 2
Microsoft CVE
added 2025/02/01 8:0 a.m. | 1 view

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.

...

CVSS 10 | AI score 7.1 | EPSS 0.00222
Exploits: 0
OpenVAS
added 2024/10/28 12:0 a.m. | 10 views

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-2672)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.9 | EPSS 0.01251
Exploits: 4 | References: 2