2717 matches found
new packages: perl-XML-Parser
An update is available for perl-XML-Parser. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
GHSA-R7C8-HGHC-2MP8 Apache Tomcat Allows Replacing of XML Parser
Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the targ...
Apache Tomcat Allows Replacing of XML Parser
Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the targ...
HCL Technologies HCL Unica Platform Code Issue Vulnerability
HCL Technologies HCL Unica Platform is an enterprise automated marketing platform from HCL Technologies India. A security vulnerability exists in versions of HCL Technologies HCL Unica Platform prior to 12.1.1, which stems from an improperly configured XML parser processing user-supplied inpu...
Denial Of Service (DoS)
pjproject is vulnerable to denial of service. The vulnerability exists due to an infinite loop in the XML parser, allowing an attacker to cause an application crash...
GHSA-85HW-W436-C725 XML External Entity Reference in Apache Cayenne
This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. CayenneModeler is a desktop GUI tool shipped with Apache Cayenne and intended for editing Cayenne ORM models stored as XML files. If an attacker tricks a user of CayenneModeler into opening a...
GHSA-PRC3-7F44-W48J Missing XML Validation in Apache Tomcat
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity...
Missing XML Validation in Apache CXF
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors...
PT-2022-9863 · Hcl +1 · Hcl Unica +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue occurs due to poorly configured XML parsers processing user-supplied input without sufficient validation, allowing attackers to manipulate XML content and inject malicious...
CVE-2022-22774
The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contain an easily exploitable vulnerabili...
CVE-2022-22774
The CVE-2022-22774 issue affects TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server. The root cause is an XXE (XML External Entity) vulnerability in the DOM XML parser and SAX XML parser components, exploitable by an unauthenticated attacker with network ac...
XML External Entity (XXE) Injection
com.twelvemonkeys.imageio, imageio-metadata is vulnerable to XML external entity injection attacks. The vulnerability exists in the parseDirectories function in XMPReader.java due to a lack of validation in the XML parser, which allows attackers to submit malicious XML and gain access to sensitive information...
GHSA-PJCH-4G28-FXX7 External Entity Reference in TwelveMonkeys ImageIO
The package com.twelvemonkeys.imageio:imageio-metadata before version 3.7.1 is vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file, e.g. when an online...
CVE-2021-38443
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser...
DEBIAN-CVE-2021-38443
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser...
DEBIAN-CVE-2021-38441
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser...
CVE-2021-38441
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser...