MiracleLinux 9 : libxml2-2.9.13-6.el9_5.1 (AXSA:2025-9658:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9658:01 advisory. libxml: use-after-free in xmlXIncludeAddNode CVE-2022-49043 Tenable has extracted the preceding description block directly from the MiracleLinux security...

libxml2: Fix of CVE-2022-49043

CVE-2022-49043: fix use-after-free in xmlXIncludeAddNode, free URI after reporting the error to avoid use-after-free...

CXF: SSRF Vulnerability

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

picketlink: URL injection via xinclude parameter

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

McAfee ePolicy Orchestrator information leakage

Information leakage via XML include...