SUSE CVE-2013-5851

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP...

SUSE CVE-2014-0376

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the...

SUSE CVE-2014-6517

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP...

SUSE CVE-2015-4893

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911...

SUSE CVE-2016-0466

Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP...

SUSE CVE-2016-3425

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP...

SUSE CVE-2017-2640

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process...

SUSE CVE-2017-3526

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with...

SUSE CVE-2017-10101

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

SUSE CVE-2022-2309

NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code...

PT-2023-18714 · Apache · Apache Nifi

Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 1.2.0 through 1.19.1 Description: The ExtractCCDAAttributes Processor in Apache NiFi does not restrict XML External Entity references, making flow configurations that include this processor vulnerable to malicious XML...

CVE-2022-22486

IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328...

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2023-1077)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian dla-3260 : node-xmldom - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3260 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3260-1 [email protected]...

Spring WS Samples upgraded for Spring Boot 3.0!

With the recent announcement of Spring Boot 3.0 going GA, some of you may be interested in upgrading your Spring Web Services-based applications to take full advantage of this. The Spring WS team has upgraded our set of sample apps to help you carry that out. The main branch now tracks the versio...

python-lxml security update

An update is available for python-lxml. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list lxml is an XML processing library providing access to libxml2 and libxslt...

Moderate: python-lxml security update

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: lxml: NULL Pointer Dereference in lxml CVE-2022-2309 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

ALSA-2022:8226 Moderate: python-lxml security update

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: lxml: NULL Pointer Dereference in lxml CVE-2022-2309 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

PT-2022-27424 · Unknown · Cbrn-Analysis

Name of the Vulnerable Software and Affected Versions: CBRN-Analysis versions prior to 22 Description: The issue allows XXE attacks via an XML document, leading to NTLMv2-SSP hash disclosure. This occurs when processing a malicious XML document. Recommendations: For versions prior to 22, update t...

PT-2022-6983 · D Link · D-Link Dap-1325

Name of the Vulnerable Software and Affected Versions: D-Link DAP-1325 affected versions not specified Description: The issue is related to a buffer overflow in the SetAPLanSettings function of the D-Link DAP-1325 wireless signal amplifier's firmware when processing XML data. This can allow a...