Lucene search

2729 matches found

Debian CVE
added 2022/05/05 3:16 p.m., 26 views

CVE-2021-38443

Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser...

9.8 CVSS, 9.4 AI score, 0.02085 EPSS
Exploits: 0
Cvelist
added 2022/05/05 3:15 p.m., 18 views

CVE-2021-38441 Eclipse CycloneDDS Write-what-where Condition

Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser...

6.6 CVSS, 9.6 AI score, 0.01996 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2022/05/05 3:15 p.m., 10 views

CVE-2021-38441 Eclipse CycloneDDS Write-what-where Condition

Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser...

6.6 CVSS, 6.8 AI score, 0.01996 EPSS
Exploits: 0, References: 2
CVE
added 2022/05/05 3:15 p.m., 61 views

CVE-2021-38441

CVE-2021-38441 affects Eclipse CycloneDDS: versions prior to 0.8.0 are vulnerable to a write-what-where condition in the XML parser, allowing an attacker to write arbitrary values. Root cause is a flaw in the XML parser handling, leading to partial/high impact on confidentiality, integrity, and a...

9.8 CVSS, 8 AI score, 0.01996 EPSS
Exploits: 0, References: 2, Affected Software: 1
Debian CVE
added 2022/05/05 3:15 p.m., 17 views

CVE-2021-38441

Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser...

9.8 CVSS, 9.4 AI score, 0.01996 EPSS
Exploits: 0
NVD
added 2022/05/05 9:15 a.m., 19 views

CVE-2022-28890

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...

9.8 CVSS, 0.02316 EPSS
Exploits: 0, References: 1
OSV
added 2022/05/05 9:15 a.m., 6 views

CVE-2022-28890

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...

9.8 CVSS, 9.3 AI score
Exploits: 0, References: 1
OSV
added 2022/05/05 9:15 a.m., 2 views

DEBIAN-CVE-2022-28890

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...

9.8 CVSS, 8.4 AI score, 0.02316 EPSS
Exploits: 0, References: 1
OSV
added 2022/05/05 9:15 a.m., 0 views

UBUNTU-CVE-2022-28890

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...

9.8 CVSS, 7.2 AI score, 0.02316 EPSS
Exploits: 0, References: 4
CVE
added 2022/05/05 8:40 a.m., 116 views

CVE-2022-28890

CVE-2022-28890: Apache Jena’s RDF/XML parser is vulnerable to an XXE-like issue where an attacker can cause an external DTD to be retrieved. The vulnerability affects Apache Jena versions 4.4.0 and earlier; parity notes indicate that Apache Jena 4.2.x and 4.3.x do not allow external entities, im...

9.8 CVSS, 9.3 AI score, 0.02316 EPSS
Exploits: 0, References: 1, Affected Software: 1
Debian CVE
added 2022/05/05 8:40 a.m., 29 views

CVE-2022-28890

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...

9.8 CVSS, 8.4 AI score, 0.02316 EPSS
Exploits: 0
Positive Technologies
added 2022/05/05 12:0 a.m., 4 views

PT-2022-19295 · Apache · Apache Jena

Name of the Vulnerable Software and Affected Versions: Apache Jena versions prior to 4.4.0
Description: A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects versions prior to 4.4.0, excluding Apache Jena 4.2.x and...

9.8 CVSS, 9.2 AI score, 0.02316 EPSS
Exploits: 0, References: 13
OSV
added 2022/05/02 3:18 a.m., 40 views

GHSA-HHJG-G8XQ-HHR3 Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted...

4.2 CVSS, 4.8 AI score, 0.00809 EPSS
Exploits: 1, References: 55
Github Security Blog
added 2022/05/02 3:18 a.m., 40 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted...

4.6 CVSS, 4 AI score, 0.00809 EPSS
Exploits: 1, References: 56, Affected Software: 1
Zero Day Initiative
added 2022/04/28 12:0 a.m., 22 views

Delta Industrial Automation DMARS Scope File Parsing XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DMARS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

5.5 CVSS, 2.6 AI score, 0.00735 EPSS
Exploits: 0, References: 1
Zero Day Initiative
added 2022/04/28 12:0 a.m., 20 views

Delta Industrial Automation DMARS ScopeConfig File Parsing XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DMARS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

5.5 CVSS, 2.4 AI score, 0.00735 EPSS
Exploits: 0, References: 1
Zero Day Initiative
added 2022/04/28 12:0 a.m., 23 views

(0Day) Delta Industrial Automation DRAS DSCP Scope File Parsing XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DRAS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

5.5 CVSS, 2.5 AI score
Exploits: 0
Zero Day Initiative
added 2022/04/28 12:0 a.m., 20 views

Delta Industrial Automation DMARS Project File Parsing XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DMARS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

5.5 CVSS, 2.7 AI score, 0.00735 EPSS
Exploits: 0, References: 1
IBM Security Bulletins
added 2022/04/27 9:58 a.m., 17 views

Security Bulletin: IBM InfoSphere MDM Reference Data Management affected by XML External Entity vulnerability (CVE-2015-1909)

Summary: IBM MDM InfoSphere Reference Data Management is vulnerable to XML External Entity attack caused by weakly configured XML parser.
Vulnerability Details:
CVEID: CVE-2015-1909
DESCRIPTION: IBM InfoSphere Master Data Management Server could allow a remote attacker to obtain sensitive...

5 CVSS, 6 AI score, 0.01302 EPSS
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2022/04/25 12:0 a.m., 25 views

EulerOS 2.0 SP5 : xerces-j2 (EulerOS-SA-2022-1555)

According to the versions of the xerces-j2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There's a vulnerability within the Apache Xerces Java XercesJ XML parser when handling specially crafted XML document payloads. This causes, t...

7.1 CVSS, 7.3 AI score, 0.0444 EPSS
Exploits: 0, References: 2