Vulnerabilities fixed in Zohocorp's ManageEngine

Zohocorp has fixed vulnerabilities in ManageEngine Specifically for ADManager Plus, EndPoint Central and Analytics Plus. The vulnerabilities include an authenticated command injection in ADManager Plus, XML injections in EndPoint Central, and an authenticated SQL injection in Analytics Plus. Thes...

SUSE-SU-2023:4367-1 Security update for apache-ivy

This update for apache-ivy fixes the following issues: - Upgrade to version 2.5.2 bsc1214422 - CVE-2022-46751: Fixed an XML External Entity Injections that could be exploited to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in differe...

CVE-2022-4245 Codehaus-plexus: xml external entity (xxe) injection

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtilwriteComment fails to sanitize comments for a -- sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection...

F5 BIG-IP security vulnerabilities

SQL and XML injections...