327 matches found
AZL-67611 CVE-2025-58767 affecting package ruby 3.3.5-7
REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.4.2 or later includes the patches to fix these...
BIT-NIFI-2023-22832 Apache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributes
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity...
BIT-NIFI-2022-29265 Improper Restriction of XML External Entity References in Multiple Components
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML...
Malicious code in @espace-client-axafr/declaration-sinistre-auto (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-41851 Malicious code in @espace-client-axafr/declaration-sinistre-auto (npm)
The package communicates with a domain associated with malicious activity...
Google Requires Crypto App Licenses in 15 Regions as FBI Warns of $9.9M Scam Losses
Google said it's implementing a new policy requiring developers of cryptocurrency exchanges and wallets to obtain government licenses before publishing apps in 15 jurisdictions in order to "ensure a safe and compliant ecosystem for users." The policy applies to markets like Bahrain, Canada, Hong...
Australia Requires Ransomware Victims to Declare Payments
A new Australian law requires larger companies to declare any ransomware payments they have made...
CVE-2022-29265
Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML...
CVE-2019-12996
In Mendix 7.23.5 and earlier, an issue in XML import mappings allows DOCTYPE declarations in the XML input, which is potentially unsafe...
CVE-2010-3260
oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaratio...
Malicious code in helper-split-export-declaration (npm)
Source: ghsa-malware 6daaf23e3df1ed0abe704ec032c37ed6c1d9ba40629a7588eabbb6adf785ad36. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
LocalS3 XML Parser Vulnerable to XML External Entity (XXE) Injection
Description: The LocalS3 project, which implements an S3-compatible storage interface, contains a critical XML External Entity (XXE) Injection vulnerability in its XML parsing functionality. When processing XML requests for multipart upload operations, the application accepts and processes XML...
strason is unmaintained
strason will no longer be maintained as declared by the developer. The project has been archived...
hwloc is unmaintained
hwloc will no longer be maintained as declared by the developer. The project has been archived without an issue...
bcc is unmaintained
bcc will no longer be maintained as declared by the developer. Users are recommended to use libbpf-rs instead. See libbpf-rs...
CLSA-2024-1725012247 Fix CVE(s): CVE-2024-37894
SECURITY UPDATE: Memory Corruption via Out-of-bounds Write in ESI variables assignment - debian/patches/CVE-2024-37894.patch: fix incorrect type declaration in TrieNode.cc to prevent potential type conversion issues - CVE-2024-37894...
SUSE CVE-2024-35799
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent crash when disable stream. Why: Disabling stream encoder invokes a function that no longer exists. How: Check if the function declaration is NULL in disable stream encoder...
CVE-2024-35799
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent crash when disable stream. Why: Disabling stream encoder invokes a function that no longer exists. How: Check if the function declaration is NULL in disable stream encoder...
AZL-67584 CVE-2024-35799 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent crash when disable stream. Why: Disabling stream encoder invokes a function that no longer exists. How: Check if the function declaration is NULL in disable stream encoder...
CVE-2024-35799 drm/amd/display: Prevent crash when disable stream
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent crash when disable stream. Why: Disabling stream encoder invokes a function that no longer exists. How: Check if the function declaration is NULL in disable stream encoder...