2714 matches found
UBUNTU-CVE-2021-42521
There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of the libxml2 API 'xmlDocGetRootElement' and tries to dereference it. It is unsafe as the return value can be NULL and that NULL pointer...
CLSA-2022-1660759632 Fixed 13 CVEs in expat
CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs - CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution - CVE-2022-25315: Fix integer overflow in storeRawNames - CVE-2022-22822: Fix integer overflow in addBinding -...
CVE-2022-2838
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests...
XXE
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests...
CVE-2022-2838
CVE-2022-2838 affects Eclipse Sphinx prior to 0.13.1. The vulnerability stems from using the Apache Xerces XML Parser without disabling processing of referenced external entities, enabling an attacker to inject arbitrary definitions and access local files, with data exfiltration possible via HTTP...
CVE-2022-2838
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests...
Eclipse Sphinx Code Issue Vulnerability
Eclipse Sphinx is an extensible platform from the Eclipse Foundation that simplifies the creation of integrated modeling tool environments that support a single or multiple modeling languages which can be UML-based or native DSL, with a particular focus on industrial strength and interoperability...
Expat XML Parser Remote Code Execution (CVE-2022-25236)
A remote code execution vulnerability exists in Expat XML Parser. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
SRC-2022-0022 : VMWare Cloud Foundation NSX-V VsmUsernamePasswordAuthenticationFilter parseUsernamePasswordFromXML XML External Entity Processing Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMWare Cloud Foundation NSX-V. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VsmUsernamePasswordAuthenticationFilter...
Geonetwork 4.2.0 - XML External Entity Vulnerability
Exploit Title: Geonetwork 4.2.0 - XML External Entity (XXE); Exploit Author: Amel BOUZIANE-LEBLOND (https://twitter.com/amellb); Vendor Homepage: https://geonetwork-opensource.org/; Version: Geonetwork 3.10.X through 4.2.0; Tested on: Microsoft Windows Server & Linux; Description: GeoNetwork 3.1.x through...
Dogtag PKI Code Issue Vulnerability
Dogtag PKI is an enterprise-class, open-source Certificate Authority (CA) open-sourced by Dogtag. A security vulnerability exists in Dogtag PKI's XML parser that stems from the fact that accessing an external entity while parsing an XML document could lead to an XML External Entity (XXE) attack. The...
Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2021-45960, CVE-2021-46143 )
Summary libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-46143 DESCRIPTION: Expat could allow a remote attacker to execute arbitrary code on the system, caused by an...
Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827 )
Summary libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-22823 DESCRIPTION: Expat could allow a remote attacker to execute arbitrary code on the system, caused by an...
Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2022-23852, CVE-2022-23990, CVE-2022-25235, CVE-2022-25315 )
Summary libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-23852 DESCRIPTION: Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caus...
CVE-2022-2458
An XML external entity injection (XXE) vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. T...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to a denial of service due to its use of Apache Xerces2 (CVE-2022-23437)
Summary Apache Xerces2 is used by several components in IBM Cloud Pak for Multicloud Management Monitoring to process internal configuration files. This vulnerability is limited to a malicious insider who can find and manipulate these files. Vulnerability Details CVEID: CVE-2022-23437 DESCRIPTION...
GHSA-RM23-6MWV-8Q9Q XML External Entity Reference in Jenkins Recipe Plugin
Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-34793
Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-34793
Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-34793
Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...