CVE-2017-20151 iText RUPS XfaFile.java xml external entity reference

A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ac5590925874ef810018a6b60fec216eee54fb32. ...

CVE-2021-4295

A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the component XML Handler. T...

CVE-2021-4295 ONC code-validator-api XML CodeValidatorApiConfiguration.java vocabularyValidationConfigurations xml external entity reference

A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the component XML Handler. T...

CVE-2022-4818 Talend Open Studio for MDM SystemStorageWrapper.java xml external entity reference

A vulnerability was found in Talend Open Studio for MDM. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file org.talend.mdm.core/src/com/amalto/core/storage/SystemStorageWrapper.java. The manipulation leads to xml external entity reference...

CVE-2022-4818

CVE-2022-4818 affects Talend Open Studio for MDM. The vulnerability is in SystemStorageWrapper.java and enables an XML External Entity (XXE) reference due to a mis-handled internal function. Upgrading to version 20221220_1938 (patch 95590db2ad6a582c371273ceab1a73ad6ed47853) addresses the issue. C...

CVE-2022-4607

A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch...

Xxe

A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch...

CVE-2022-4607 3D City Database OGC Web Feature Service xml external entity reference

A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch...

GHSA-WGPP-G6V9-7HXP Jenkins Plot Plugin XML External Entity Reference vulnerability

Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control XML input files for the 'Plot build data' build step to have Jenkins parse a crafted file that uses external entities for extraction of secret...

CLSA-2022-1670523520 libxml2: Fix of 2 CVEs

CVE-2022-40303: fix integer overflows with XMLPARSEHUGE - CVE-2022-40304: fix dict corruption caused by entity reference cycles...

CLSA-2022-1670523403 libxml2: Fix of 2 CVEs

CVE-2022-40303: fix integer overflows with XMLPARSEHUGE - CVE-2022-40304: fix dict corruption caused by entity reference cycles...

CLSA-2022-1670522857 libxml2: Fix of 2 CVEs

CVE-2022-40303: fix integer overflows with XMLPARSEHUGE - CVE-2022-40304: fix dict corruption caused by entity reference cycles...

CLSA-2022-1670521677 libxml2: Fix of 2 CVEs

CVE-2022-40303: fix integer overflows with XMLPARSEHUGE - CVE-2022-40304: fix dict corruption caused by entity reference cycles...

libxml2: Fix of 2 CVEs

CVE-2022-40303: fix integer overflows with XMLPARSEHUGE - CVE-2022-40304: fix dict corruption caused by entity reference cycles...

CLSA-2022-1670518262 Fix CVE(s): CVE-2022-40303, CVE-2022-40304

SECURITY UPDATE: Integer overflows with XMLPARSEHUGE - debian/patches/CVE-2022-40303.patch: Impose size limits when XMLPARSEHUGE is set and add length checks to core parser functions - CVE-2022-40303 SECURITY UPDATE: Dict corruption caused by entity reference cycles -...

Mageia: Security Advisory (MGASA-2022-0412)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated libxml2 packages fix security vulnerability

Integer overflows with XMLPARSEHUGE. CVE-2022-40303 Dict corruption caused by entity reference cycles. CVE-2022-40304...

MGASA-2022-0412 Updated libxml2 packages fix security vulnerability

Integer overflows with XMLPARSEHUGE. CVE-2022-40303 Dict corruption caused by entity reference cycles. CVE-2022-40304...

[SECURITY] [DSA 5271-1] libxml2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5271-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 05, 2022 https://www.debian.org/security/faq -...

Xxe

Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction...