551 matches found
[SECURITY] Fedora 34 Update: libxml2-2.9.14-1.fc34
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
new packages: pentaho-libxml
An update is available for pentaho-libxml. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
PHPExcel vulnerable to XXE attacks through libxml
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...
GHSA-28RM-RJ57-QJPV PHPExcel vulnerable to XXE attacks through libxml
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from expat, Golang Go, gcc, openssl and libxml.
Summary Multiple issues were identified in Red Hat UBIubi8/ubi-minimal v8.5-x packages "expat", "gcc", "openssl", "libxml" and go-toolset v1.16.x that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID: CVE-2022-22825 DESCRIPTION: Expat...
GHSA-R58R-74GX-6WX3 Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
GHSA-773H-W45W-F2F9 Denial of service vulnerability exists in libxmljs
libxmljs provides libxml bindings for v8 javascript engine. This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a...
Mageia: Security Advisory (MGASA-2015-0199)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2019-0047)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2018-0048)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2017-0254)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
How to disable XXE processing?
In my last post I talked about XXE vulnerabilities found on popular open-source projects and more generally how to assess this type of issue. Today, I’ll talk about the different strategies to disable XXE processing. External XXE and internal entities are useful for building concise XML documents...
Debian: Security Advisory (DSA-5010-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-5010-1 : libxml-security-java - security update
The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5010 advisory. - All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the secureValidation property is not passed...
DSA-5010-1 libxml-security-java - security update
Bulletin has no description...
Oracle Java SE 1.7.0_321 / 1.8.0_311 / 1.11.0_13 / 1.17.0_1 Multiple Vulnerabilities (Unix October 2021 CPU)
The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is prior to 7 Update 321, 8 Update 311, 11 Update 13, or 17 Update 1. It is, therefore, affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory: - Vulnerability in the Java SE...
Debian: Security Advisory (DLA-2767-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2767-1 : libxml-security-java - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2767 advisory. - All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the secureValidation property is not passed correctly...
DLA-2767-1 libxml-security-java - security update
Bulletin has no description...