Lucene search

498 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-1980

Malicious code in bioql PyPI...

CVSS 10, AI score 6.2, EPSS 0.04112
Exploits 1, References 50

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-5522

Malicious code in bioql PyPI...

CVSS 5, AI score 6.4, EPSS 0.05639
Exploits 0, References 13

EUVD
added 2025/10/03 8:7 p.m., 9 views

EUVD-2022-4142

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.8, EPSS 0.11167
Exploits 0, References 19

IBM Security Bulletins
added 2025/09/29 10:5 p.m., 10 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache XML Security for Java.

Summary: Multiple vulnerabilities in Apache XML Security for Java that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2024-20945. DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a local authenticated attacker...

CVSS 6.5, AI score 6.1, EPSS 0.01212
Exploits 0, Affected Software 1

OSV
added 2025/09/12 11:46 a.m., 5 views

BIT-NIFI-2023-22832 Apache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributes

The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity...

CVSS 7.5, AI score 7, EPSS 0.0141
Exploits 0, References 3

Tenable Nessus
added 2025/09/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-34580

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in...

CVSS 5.3, AI score 7.8, EPSS 0.00206
Exploits 5, References 2

OSV
added 2025/07/26 3:28 a.m., 6 views

CVE-2025-54380 Opencast still publishes global system account credentials

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to version 17.6, Opencast would incorrectly send the hashed global system account credentials ie: org.opencastproject.security.digest.user and org.opencastproject.security.digest.pass...

CVSS 6.5, AI score 6.4, EPSS 0.00338
Exploits 0, References 5

Positive Technologies
added 2025/06/15 12:0 a.m., 6 views

PT-2025-26805 · Git +1 · Xmlsec

Name of the Vulnerable Software and Affected Versions: libxml2 (affected versions not specified). Description: The software is susceptible to a heap-buffer-overflow write issue. The crash state involves the functions xmlParsePubidLiteral, xmlParseExternalID, and xmlParseNotationDecl. Recommendations...

AI score 6.9
Exploits 0, References 2

RedhatCVE
added 2025/05/23 6:37 a.m., 13 views

CVE-2024-34580

Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to...

CVSS 5.3, AI score 7.2, EPSS 0.00206
Exploits 5, References 1

RedhatCVE
added 2025/05/22 8:9 p.m., 9 views

CVE-2021-38490

Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425...

CVSS 9.1, AI score 6.4, EPSS 0.66278
Exploits 4, References 1

RedhatCVE
added 2025/05/22 8:24 a.m., 5 views

CVE-2019-12996

In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTYPE declarations in the XML input that is potentially unsafe...

CVSS 5.3, AI score 7, EPSS 0.00817
Exploits 0, References 1

RedHat Linux
added 2025/04/28 12:20 a.m., 4 views

xml-security: XPath Transform abuse allows for information disclosure

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

CVSS 7.5, AI score 6.7, EPSS 0.10448
Exploits 0, References 5

Tenable Nessus
added 2025/03/04 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2019-12400

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of...

CVSS 5.5, AI score 6.5, EPSS 0.00776
Exploits 0, References 3

OSV
added 2024/12/02 5:15 p.m., 0 views

UBUNTU-CVE-2024-52596

SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...

CVSS 8.8, AI score 5.8, EPSS 0.00966
Exploits 0, References 3

Snyk
added 2024/12/02 4:42 p.m., 3 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to improper sanitization of XML body in the fromString function. Workaround: Remove the LIBXML_DTDLOAD | LIBXML_DTDATTR options from $options. Details: XXE Injection is a type of attack against an...

CVSS 8.8, AI score 7.5, EPSS 0.00406
Exploits 0, References 2

IBM Security Bulletins
added 2024/11/18 3:4 p.m., 35 views

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary: Multiple vulnerabilities were addressed in IBM Observability with Instana in build 1.285.0. Vulnerability Details: CVEID: CVE-2021-40690. DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the improper passing of the...

CVSS 8.2, AI score 8.9, EPSS 0.10448
Exploits 1, Affected Software 1

GitLab Advisory Database
added 2024/11/08 12:0 a.m., 16 views

XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients...

CVSS 8.6, AI score 8.4, EPSS 0.00918
Exploits 0, References 9

Rockylinux
added 2024/09/30 2:30 p.m., 7 views

xmlsec1 bug fix update

An update is available for xmlsec1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. XML Security Library is a C library based on LibXML2 and OpenSSL. The library...

AI score 7.3
Exploits 0

OSV
added 2024/09/15 8:50 p.m., 13 views

RHSA-2013:1219 Red Hat Security Advisory: xml-security security update

Bulletin has no description...

CVSS 4.3, AI score 6.2, EPSS 0.0593
Exploits 1, References 8

OSV
added 2024/09/15 8:49 p.m., 14 views

RHSA-2013:1217 Red Hat Security Advisory: xml-security security update

Bulletin has no description...

CVSS 4.3, AI score 6.2, EPSS 0.0593
Exploits 1, References 8