MiracleLinux 9 : libxml2-2.9.13-6.el9_5.1 (AXSA:2025-9658:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9658:01 advisory. libxml: use-after-free in xmlXIncludeAddNode CVE-2022-49043 Tenable has extracted the preceding description block directly from the MiracleLinux security...

libxml2: Fix of CVE-2022-49043

CVE-2022-49043: fix use-after-free in xmlXIncludeAddNode, free URI after reporting the error to avoid use-after-free...

The vulnerability of the XInclude mechanism for combining XML documents in the librsvg visualization library allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the XInclude mechanism for combining XML documents in the librsvg vector graphics rendering library is related to an incorrect restriction on the path name to the restricted directory during the processing of the xi:include element. Exploiting this vulnerability could allow a...

CXF: SSRF Vulnerability

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

picketlink: URL injection via xinclude parameter

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

McAfee ePolicy Orchestrator information leakage

Information leakage via XML include...