CVE-2022-2759

Delta Electronics Delta Robot Automation Studio DRAS versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to emb...

CLSA-2022-1660064249 Fix CVE(s): CVE-2022-21434, CVE-2022-21426, CVE-2022-21443, CVE-2022-34169, CVE-2022-21540, CVE-2022-21541, CVE-2022-21476, CVE-2022-21496

Backport upstream releases 8u342 and 8u332 to 16.04 LTS Security fixes in 8u342: - JDK-8272243: Improve DER parsing - JDK-8272249: Better properties of loaded Properties - JDK-8277608: Address IP Addressing - JDK-8281859, CVE-2022-21540: Improve class compilation - JDK-8281866, CVE-2022-21541:...

OPC Labs QuickOPC Connectivity Explorer Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OPC Labs QuickOPC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...

CVE-2021-42537 VISAM VBASE Editor Improper Restriction of XML

VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output...

CVE-2022-34169

creationtimestamp| type| source ---|---|--- 2022-07-19 22:40:50+00:00| seen| https://t.me/cibsecurity/46575 2022-08-15 09:47:35+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/2946 2022-11-02 11:41:00+00:00| seen|...

EulerOS Virtualization 2.10.1 : python-lxml (EulerOS-SA-2022-2064)

According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html...

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2022-1758)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OESA-2022-1658 libxml2 security update

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

GHSA-45W3-2HVV-PFXQ XML Injection in Apache Solr

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...

XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin

A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document...

Moderate: Red Hat Security Advisory: python-lxml security update

An update for python-lxml is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

python-lxml security update

An update is available for python-lxml. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list lxml is an XML processing library providing access to libxml2 and libxslt...

ALSA-2022:1932 Moderate: python-lxml security update

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-43818 For more details about the security issues, including the impact, ...

Apache NiFi Code Issue Vulnerability (CNVD-2022-38522)

Apache NiFi is a data processing and distribution system from the Apache Foundation in the United States. The system is primarily used for data routing, transformation, and system brokerage logic.A security vulnerability in Apache NiFi versions 0.0.1 through 1.16.0 stems from multiple components...

OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...