Lucene search

2721 matches found

Tenable Nessus
added 2022/09/15 12:0 a.m. | 38 views

RHEL 7 : OpenShift Container Platform 4.4.33 (RHSA-2021:0282)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0282 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

CVSS 6.5 | AI score 7.2 | EPSS 0.01466
Exploits: 0 | References: 7

IBM Security Bulletins
added 2022/09/14 3:28 p.m. | 72 views

Security Bulletin: A CVE-2021-37714 vulnerability in jsoup affects IBM Process Designer in IBM Business Automation Workflow and IBM Business Process Manager

Summary A vulnerability exists in jsoup used by the desktop version of IBM Process Designer. IBM Process Designer has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-37714 DESCRIPTION: jsoup is vulnerable to a denial of service, caused by improper input validation. By sending ...

AI score 7.2 | EPSS 0.06873
Exploits: 0 | Affected Software: 5

Prion
added 2022/09/12 7:15 p.m. | 14 views

Xxe

Improper Restriction of XML External Entity Reference 'XXE' vulnerability in the Policy Engine of Forcepoint Data Loss Prevention DLP, which is also leveraged by Forcepoint One Endpoint F1E, Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20...

CVSS 7.5 | AI score 9.2 | EPSS 0.00707
Exploits: 0 | References: 1 | Affected Software: 5

Cvelist
added 2022/09/12 6:7 p.m. | 26 views

CVE-2022-1700

Improper Restriction of XML External Entity Reference 'XXE' vulnerability in the Policy Engine of Forcepoint Data Loss Prevention DLP, which is also leveraged by Forcepoint One Endpoint F1E, Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20...

CVSS 7.5 | AI score 9.6 | EPSS 0.00707
Exploits: 0 | References: 1

Tenable Nessus
added 2022/09/01 12:0 a.m. | 62 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.5)

The version of AOS installed on the remote host is prior to 5.15.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.5 advisory. - In Network Security Services NSS before 3.46, several cryptographic primitives had missing length checks. In cases where the...

CVSS 10 | AI score 7.5 | EPSS 0.99305
Exploits: 113 | References: 124

OpenVAS
added 2022/08/26 12:0 a.m. | 28 views

Ubuntu: Security Advisory (USN-313-1)

The remote host is missing an update for the...

CVSS 7.6 | AI score 6.5 | EPSS 0.04274
Exploits: 0 | References: 2

OpenVAS
added 2022/08/26 12:0 a.m. | 26 views

Ubuntu: Security Advisory (USN-313-2)

The remote host is missing an update for the...

CVSS 7.6 | AI score 6.5 | EPSS 0.04274
Exploits: 0 | References: 2

OSV
added 2022/08/25 6:15 p.m. | 1 views

UBUNTU-CVE-2021-42521

There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and tries to dereference it. It is unsafe as the return value can be NULL and that NULL pointer...

CVSS 7.5 | AI score 7.1 | EPSS 0.01027
Exploits: 1 | References: 4

OSV
added 2022/08/17 6:7 p.m. | 4 views

CLSA-2022-1660759632 Fixed 13 CVEs in expat

CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs - CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution - CVE-2022-25315: Fix integer overflow in storeRawNames - CVE-2022-22822: Fix integer overflow in addBinding -...

CVSS 9.8 | AI score 7.1 | EPSS 0.33936
Exploits: 3 | References: 1

NVD
added 2022/08/16 10:15 a.m. | 16 views

CVE-2022-2838

In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests...

CVSS 5.3 | EPSS 0.00455
Exploits: 0 | References: 1

Prion
added 2022/08/16 10:15 a.m. | 20 views

Xxe

In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests...

CVSS 5 | AI score 5.5 | EPSS 0.00455
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/08/16 10:10 a.m. | 28 views

CVE-2022-2838

In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests...

AI score 5.8 | EPSS 0.00455
Exploits: 0 | References: 1

CVE
added 2022/08/16 10:10 a.m. | 45 views

CVE-2022-2838

CVE-2022-2838 affects Eclipse Sphinx prior to 0.13.1. The vulnerability stems from using the Apache Xerces XML Parser without disabling processing of referenced external entities, enabling an attacker to inject arbitrary definitions and access local files, with data exfiltration possible via HTTP...

CVSS 5.3 | AI score 5.5 | EPSS 0.00455
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2022/08/16 12:0 a.m. | 3 views

Eclipse Sphinx Code Issue Vulnerability

Eclipse Sphinx is an extensible platform from the Eclipse Foundation that simplifies the creation of integrated modeling tool environments that support a single or multiple modeling languages which can be UML-based or native DSL, with a particular focus on industrial strength and interoperability...

CVSS 5.3 | AI score 5.8 | EPSS 0.00455
Exploits: 0 | References: 2

Check Point Advisories
added 2022/08/15 12:0 a.m. | 6 views

Expat XML Parser Remote Code Execution (CVE-2022-25236)

A remote code execution vulnerability exists in Expat XML Parser. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.5 | AI score 7.5 | EPSS 0.33936
Exploits: 0

Source Incite
added 2022/08/03 12:0 a.m. | 163 views

SRC-2022-0022 : VMWare Cloud Foundation NSX-V VsmUsernamePasswordAuthenticationFilter parseUsernamePasswordFromXML XML External Entity Processing Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMWare Cloud Foundation NSX-V. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VsmUsernamePasswordAuthenticationFilter...

CVSS 9.1 | AI score 9.1 | EPSS 0.08085
Exploits: 1

0day.today
added 2022/07/31 12:0 a.m. | 180 views

Geonetwork 4.2.0 - XML External Entity Vulnerability

Exploit Title: Geonetwork 4.2.0 - XML External Entity XXE Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://geonetwork-opensource.org/ Version: Geonetwork 3.10.X through 4.2.0 Tested on: Microsoft Windows Server & Linux Description: GeoNetwork 3.1.x through...

AI score 0.1
Exploits: 0

CNNVD
added 2022/07/29 12:0 a.m. | 3 views

Dogtag PKI Code Issue Vulnerability

Dogtag PKI is an enterprise-class, open-source Certificate Authority CA open-sourced by Dogtag. A security vulnerability exists in Dogtag PKI's XML parser that stems from the fact that accessing an external entity while parsing an XML document could lead to an XML External Entity XXE attack. The...

CVSS 7.5 | AI score 8.2 | EPSS 0.85323
Exploits: 3 | References: 9

IBM Security Bulletins
added 2022/07/25 2:52 p.m. | 50 views

Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2021-45960, CVE-2021-46143 )

Summary libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-46143 DESCRIPTION: Expat could allow a remote attacker to execute arbitrary code on the system, caused by an...

CVSS 9 | AI score 9.3 | EPSS 0.042
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2022/07/25 2:51 p.m. | 57 views

Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827 )

Summary libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-22823 DESCRIPTION: Expat could allow a remote attacker to execute arbitrary code on the system, caused by an...

CVSS 9.8 | AI score 9.5 | EPSS 0.04829
Exploits: 0 | Affected Software: 1