Lucene search
679 matches found

ATTACKERKB
added 2022/01/19 12:15 p.m. | 2 views

CVE-2022-21282

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00144
Exploits: 0 | References: 7
Positive Technologies
added 2022/01/18 12:00 a.m. | 2 views

PT-2022-2118

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 7u321, 8u311, 11.0.13, 17.0.1 Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0 Description The issue is related to the disclosure of information in the JAXP component of Oracle Java SE and Oracle GraalVM...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00133
Exploits: 0 | References: 220
OSV
added 2022/01/14 1:36 p.m. | 5 views

OPENSUSE-SU-2022:0012-1 Security update for prosody

This update for prosody fixes the following issues: Update to 0.11.12: CVE-2022-0217: util.xml: Do not allow doctypes, comments or processing instructions bsc1194596...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00411
Exploits: 1 | References: 3
Tenable Nessus
added 2021/12/30 12:00 a.m. | 33 views

Debian DLA-2871-1 : lxml - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2871 advisory. - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass...

CVSS: 8.2 | AI score: 7.2 | EPSS: 0.05428
Exploits: 0 | References: 6
IBM Security Bulletins
added 2021/12/20 11:33 a.m. | 20 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator may be affected by CVE-2020-29510

Summary The operator for IBM App Connect Enterprise Certified Container may be affected by CVE-2020-29510 if the operator is made to process XML Vulnerability Details CVEID: CVE-2020-29510 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by the failure ...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.00122
Exploits: 0 | Affected Software: 1
OSV
added 2021/12/13 6:15 p.m. | 3 views

AZL-7025 CVE-2021-43818 affecting package python-lxml for versions less than 4.8.0-1

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.05428
Exploits: 0 | References: 1
Prion
added 2021/12/13 6:15 p.m. | 31 views

Hardcoded credentials

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...

CVSS: 6.8 | AI score: 6.7 | EPSS: 0.05428
Exploits: 0 | References: 14 | Affected Software: 8
OSV
added 2021/11/09 8:26 a.m. | 23 views

RLSA-2021:4158 Moderate: python-lxml security update

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS CVE-2021-28957 For more details about the security issues, including the...

CVSS: 6.1 | AI score: 6.9 | EPSS: 0.00518
Exploits: 1 | References: 2
Rockylinux
added 2021/11/09 8:26 a.m. | 39 views

python-lxml security update

An update is available for python-lxml. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list lxml is an XML processing library providing access to libxml2 and libxslt...

CVSS: 6.1 | AI score: 6.6 | EPSS: 0.00518
Exploits: 1
OSV
added 2021/11/09 8:26 a.m. | 18 views

ALSA-2021:4158 Moderate: python-lxml security update

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS CVE-2021-28957 For more details about the security issues, including the...

CVSS: 6.1 | AI score: 6.9 | EPSS: 0.00518
Exploits: 1 | References: 1
NVD
added 2021/10/12 6:15 p.m. | 16 views

CVE-2021-35496

The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AW...

CVSS: 7.5 | EPSS: 0.00345
Exploits: 0 | References: 1
OSV
added 2021/10/12 6:15 p.m. | 1 view

CVE-2021-35496

The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AW...

CVSS: 7.5 | AI score: 5.8
Exploits: 0 | References: 1
Cvelist
added 2021/10/12 5:35 p.m. | 15 views

CVE-2021-35496 TIBCO JasperReports XML Eternal Entity (XXE) vulnerability

The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AW...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00345
Exploits: 0 | References: 1
CVE
added 2021/10/12 5:35 p.m. | 57 views

CVE-2021-35496

The CVE-2021-35496 entry concerns the XMLA Connections component in TIBCO JasperReports Server (and variants) with a low-privilege, network-accessible attacker able to interfere with XML processing. Affected products/releases include JasperReports Server 7.2.1 and below, 7.5.0/7.5.1, 7.8.0, 7.9.0...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00345
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2021/10/12 12:00 a.m. | 3 views

TIBCO Software JasperReports Server code issue vulnerability

Tibco Software TIBCO Software JasperReports Server is an embeddable reporting server from TIBCO Software USA that provides reporting and analytics functionality that can be embedded into web or mobile devices. A code issue vulnerability exists in TIBCO Software JasperReports Server, which arises...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00345
Exploits: 0 | References: 4
Github Security Blog
added 2021/09/20 8:22 p.m. | 35 views

XML External Entity Reference in Apache Jena

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities XXE, including exposing the contents of local files to a remote server...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00563
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2021/09/20 8:22 p.m. | 34 views

GHSA-7RP6-W7MG-H8RW XML External Entity Reference in Apache Jena

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities XXE, including exposing the contents of local files to a remote server...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00563
Exploits: 0 | References: 6
Veracode
added 2021/09/17 6:19 a.m. | 9 views

XML External Entity (XXE)

jena-core is vulnerable to XML external entity. An attacker is able to execute XML External Entities XXE due to lack of secure XML processing, subsequently exposing the contents of local files to a remote server...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00563
Exploits: 0 | References: 8 | Affected Software: 1
OSV
added 2021/09/16 3:15 p.m. | 3 views

CVE-2021-39239

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities XXE, including exposing the contents of local files to a remote server...

CVSS: 7.5 | AI score: 7.4
Exploits: 0 | References: 4
OSV
added 2021/09/16 3:15 p.m. | 1 view

DEBIAN-CVE-2021-39239

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities XXE, including exposing the contents of local files to a remote server...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.00563
Exploits: 0 | References: 1