9 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-40682
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3...
CVE-2026-40682
XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...
CVE-2026-40682
XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...
CVE-2026-40682
CVE-2026-40682 (Apache OpenNLP) XXE in DictionaryEntryPersistor via unsanitized dictionary parsing. The DictionaryEntryPersistor initializes a static SAXParserFactory at class-load time without enabling secure features, leaving DOCTYPE processing and external entity resolution enabled. When Dicti...
CVE-2026-40682
XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...
CVE-2026-40682 Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor
XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...
CVE-2026-40682 Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor
XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...
Denial Of Service (DoS)
Protobuf is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to bypassed recursion depth limits when parsing nested Any messages, where missing depth accounting in the ParseDict logic allows deeply nested inputs to exhaust the Python recursion stack and trigger a RecursionError...
DEBIAN-CVE-2023-38652
Multiple integer overflow vulnerabilities exist in the VZT vztrdblockvchdecode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the...