149 matches found
CVE-2022-25235
xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...
CVE-2022-25235
CVE-2022-25235: In Expat (libexpat) xmltok_impl.c, there is insufficient validation of encoding (e.g., UTF-8 validity in certain contexts) prior to version 2.4.5. PUBLICLY documented impact is high/critical: CVSS 3.1 vector shows NETWORK attack, U/N UI, with C/H/I/H and a base score of 9.8. The c...
Expat 代码注入漏洞
Expat is a fast streaming XML parser written in C. A security vulnerability exists in Expat prior to 2.4.5, which stems from a lack of certain encoding validations in xmltokimpl.c. No detailed vulnerability details are currently available...
PT-2022-1764
Name of the Vulnerable Software and Affected Versions Expat versions prior to 2.4.5 Description The issue is related to the incorrect handling of encoding validation in the xmltok impl.c component of the Expat library, specifically lacking checks for whether a UTF-8 character is valid in a certai...
UBUNTU-CVE-2022-25235
xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...
CVE-2022-25235
xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...
Apache Traffic Server (ATS) 8.0.0 < 8.1.3, 9.0.0 < 9.1.1 Multiple Vulnerabilities
Apache Traffic Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:trafficserver"...
CVE-2021-37148 Request Smuggling - transfer encoding validation
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1...
bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...