16 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-46751
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue...
RHEL 7 : apache-ivy (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apache-ivy: Directory Traversal CVE-2022-37865 - Improper Restriction of XML External Entity Reference, X...
openSUSE: Security Advisory for apache (SUSE-SU-2023:4367-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update
Migration Toolkit for Runtimes 1.2.4 release Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.6.0 release and security update
Red Hat AMQ Streams 2.6.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
SUSE: Security Advisory (SUSE-SU-2023:4367-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache-ivy (SUSE-SU-2023:4367-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4367-1 advisory. - Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection...
Important: apache-ivy
Issue Overview: Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own...
Amazon Linux 2 : apache-ivy (ALAS-2023-2302)
The version of apache-ivy installed on the remote host is prior to 2.3.0-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2302 advisory. Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to XML external entity XXE due to Apache Ivy
Summary Apache Ivy may be used by plugins or custom scripts in IBM UrbanCode Deploy UCD. Apache Ivy is vulnerable to a XXE caused by improper handling of XML external entity XXE declarations by the XML parser. CVE-2022-46751 Vulnerability Details CVEID:CVE-2022-46751 DESCRIPTION: Apache Ivy could...
Amazon Linux 2023 : apache-ivy, apache-ivy-javadoc (ALAS2023-2023-336)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-336 advisory. Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior t...
CVE-2022-46751
creationtimestamp| type| source ---|---|--- 2023-08-21 12:40:52+00:00| seen| https://t.me/cibsecurity/68874 2024-02-07 16:16:43+00:00| seen| https://t.me/ctinow/180780 2024-02-09 10:51:22+00:00| seen| https://t.me/ctinow/181952 2024-11-13 22:20:22+00:00| seen|...
CVE-2022-46751
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
CVE-2022-46751 vulnerabilities
Vulnerabilities for packages: gradle-stage0, gradle...
CVE-2022-46751 vulnerabilities
Vulnerabilities for packages: gradle-stage0, gradle...
CVE-2022-46751
CVE-2022-46751: Apache Ivy is vulnerable to XML External Entity (XXE) or XML injection due to improper restriction of DTD processing. Affected versions: Ivy prior to 2.5.2. Root cause: parsing XML files (Ivy config, Ivy files, POMs) can download external DTDs and expand entities, enabling data ex...