MiracleLinux 7 : xerces-c-3.1.1-10.el7 (AXSA:2020-4490:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4490:01 advisory. xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs CVE-2018-1311 Tenable has extracted the preceding...

MiracleLinux 8 : python27:2.7 (AXSA:2021-2091:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2091:01 advisory. python: CRLF injection via HTTP request method in httplib/http.client CVE-2020-26116 python-urllib3: CRLF injection via HTTP request method...

MiracleLinux 4 : expat-2.0.1-11.AXS4 (AXSA:2012-577:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-577:01 advisory. This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers wi...

MiracleLinux 4 : libxml2-2.7.6-14.1.0.2.AXS4 (AXSA:2014-350:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-350:02 advisory. This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes...

CVE-2023-49656

Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2018-14383

The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the versions 5.2.1 and 3.3.7...

CVE-2021-28684

The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network via an XXE attack...

CVE-2021-28110

/exec in TranzWare e-Commerce Payment Gateway TWEC PG before 3.1.27.5 had a vulnerability in its XML parser...

CVE-2020-12684

XXE injection can occur in i-net Clear Reports 2019 19.0.287 Designer, as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser...

CVE-2026-21499

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. This issue has been patched in version 2.3.1.2...

CVE-2022-23640

Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no...

CVE-2026-21499

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. This issue has been patched in version 2.3.1.2...

CVE-2026-21502 NULL Pointer Dereference in iccDEV XML Tag Parser

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2...

CVE-2026-21502 NULL Pointer Dereference in iccDEV XML Tag Parser

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2...

CVE-2026-21499 NULL Pointer Dereference in iccDEV XML Parser

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. This issue has been patched in version 2.3.1.2...

CVE-2026-21499

CVE-2026-21499 affects iccDEV prior to 2.3.1.2, due to a NULL pointer dereference in the XML parser. The issue is documented as a vulnerability in iccDEV’s XML parsing path, with patch released in version 2.3.1.2. Impact is described as availability loss (A) with no confidentiality/integrity impa...

CVE-2026-21499 NULL Pointer Dereference in iccDEV XML Parser

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. This issue has been patched in version 2.3.1.2...

PT-2026-2065

Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV is a set of libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions prior to 2.3.1.2 are susceptible to a NULL pointer dereference issue...

PT-2026-34084

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u481, 11.0.30, 17.0.18, 21.0.10, 25.0.2 and 26 Oracle GraalVM for JDK versions 17.0.18 and 21.0.10 Oracle GraalVM Enterprise Edition version 21.3.17 Description An issue in the JAXP component allows an unauthenticated...

SUSE SLES15 / openSUSE 15 Security Update : mozjs52 (SUSE-SU-2025:4512-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4512-1 advisory. - CVE-2024-45491: Fixed integer overflow in dtdCopy bsc1230037 - CVE-2024-50602: Fixed DoS via XMLResumeParser bsc1232599 -...