53351 matches found

RedHat Linux
added 2026/05/04 1:37 a.m., 5 views

dotnet: .NET: Security Bypass and Denial of Service Vulnerability

A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service (DoS), making the service unavailable, and a bypass of security features...

CVSS 7.5, AI score 6.2, EPSS 0.00897, Exploits 0, References 4

CNNVD
added 2026/05/04 12:0 a.m., 6 views

Apache OpenNLP Code Issue Vulnerability

Apache OpenNLP is a natural language processing toolkit developed by the Apache Foundation. Versions of Apache OpenNLP prior to 2.5.9 and 3.0.0-M3 contained code vulnerabilities. These vulnerabilities stemmed from the lack of enabling FEATURE_SECURE_PROCESSING or disabling DTD processing during the...

CVSS 9.1, AI score 5.9, EPSS 0.00403, Exploits 0, References 1

Positive Technologies
added 2026/05/04 12:0 a.m., 8 views

PT-2026-37163

Name of the Vulnerable Software and Affected Versions: changedetection.io versions 0.54.9 and earlier. Description: The software contains an XML External Entity (XXE) issue where the xpath filter function switches to XML mode for XML/RSS content and creates an etree.XMLParser(strip_cdata=False) without...

CVSS 8.2, AI score 5.8, EPSS 0.00266, Exploits 0, References 5

Tenable Nessus
added 2026/05/04 12:0 a.m., 2 views

RHEL 9 : .NET 9.0 (RHSA-2026:13282)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13282 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

CVSS 7.5, AI score 6.4, EPSS 0.0111, Exploits 0, References 10

Tenable Nessus
added 2026/05/04 12:0 a.m., 2 views

RHCOS 1 : activemq (RHSA-2014:0254)

The remote Red Hat Enterprise Linux CoreOS 1 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0254 advisory. - HawtJNI: predictable temporary file name leading to local arbitrary code execution (CVE-2013-2035) - Framework: XML External Entity...

CVSS 7.5, AI score 7.9, EPSS 0.26271, Exploits 4, References 10

Tenable Nessus
added 2026/05/04 12:0 a.m., 16 views

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2026:13512)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13512 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

CVSS 9.8, AI score 7.6, EPSS 0.01195, Exploits 7, References 28

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in Ruby 2.5

REXML is an XML toolkit for Ruby. The REXML gem before version 3.2.6 has a denial-of-service vulnerability when it parses an XML document with many tags in an attribute value. Users who need to parse untrusted XMLs may be affected by this vulnerability. The REXML gem version 3.2.7 or later includ...

CVSS 5.3, AI score 6.4, EPSS 0.02064, Exploits 1, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux – Vulnerability in netcdf

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str performs incorrect memory handling during the parsing of crafted XML files, writing outside of a memory region created by mmap...

CVSS 6.5, AI score 6.3, EPSS 0.01193, Exploits 1, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in libxml2

A use-after-free vulnerability was discovered in libxml2. This issue occurs when parsing XPath elements under certain circumstances, especially when the XML schema includes the schema element. This flaw allows a malicious actor to create a malicious XML document that can be used as input for...

CVSS 9.1, AI score 6.7, EPSS 0.00669, Exploits 0, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 1 views

Astra Linux – Vulnerability in Batik

A Server-Side Request Forgery (SSRF) vulnerability exists in Batik of Apache XML Graphics, allowing an attacker to load a URL through the jar protocol. This issue affects Apache XML Graphics Batik 1.14...

CVSS 5.3, AI score 6.6, EPSS 0.02142, Exploits 0, References 1

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux – Vulnerability in libjettison-java

Those who use Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser runs on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow. This vulnerability could facilitate a Denial of Servic...

CVSS 7.5, AI score 6.9, EPSS 0.01231, Exploits 0, References 1

AstraLinux
added 2026/05/03 11:59 p.m., 7 views

Astra Linux – Vulnerability in libxmltok

In libexpat before version 2.2.8, crafted XML inputs could trick the parser into switching from DTD parsing to document parsing too early. A consecutive call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber would then lead to a heap-based buffer overflow...

CVSS 7.5, AI score 7.4, EPSS 0.06697, Exploits 1, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux – Vulnerabilities in Firefox, Thunderbird, and Expat

In libexpat before version 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data...

CVSS 2.9, AI score 7.8, EPSS 0.00165, Exploits 0, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux – Vulnerability in netcdf

An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, when parsing a crafted XML file, performs zero-length reallocation in ezxml.c, resulting in a NULL pointer being returned in some compilers. After this, the function ezxml_parse_str does not check whether the s variabl...

CVSS 6.5, AI score 6.3, EPSS 0.01277, Exploits 1, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 1 views

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26, and 8.0.x below 8.0.13, certain XML parsing functions, such as simplexml_load_file, decode the filename passed to them using URL encoding. If the filename contains a URL-encoded NUL character, this may cause the function to interpret this as t...

CVSS 5.3, AI score 7.1, EPSS 0.25951, Exploits 1, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux – Vulnerability in netcdf

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode performs incorrect memory handling during the parsing of crafted XML files, resulting in a heap-based buffer overflow...

CVSS 7.5, AI score 7.6, EPSS 0.01402, Exploits 0, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux - Vulnerability in libjdom1-java, libjdom2-java

An XXE vulnerability exists in SAXBuilder in JDOM through version 2.0.6, allowing attackers to cause a denial of service through a crafted HTTP request...

CVSS 7.5, AI score 6.4, EPSS 0.19442, Exploits 1, References 1

AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux – Vulnerability in OpenCV

An issue was discovered in OpenCV prior to version 4.1.1. There is a NULL pointer dereferencing in the function cv::XMLParser::parse, located in modules/core/src/persistence.cpp...

CVSS 7.5, AI score 6.6, EPSS 0.0337, Exploits 1, References 2

AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux – Vulnerability in libpgjava

The PostgreSQL JDBC Driver (also known as PgJDBC) prior to version 42.2.13 allowed XXE...

CVSS 7.7, AI score 7.4, EPSS 0.04094, Exploits 0, References 1

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux – Vulnerability in Ruby 2.5

REXML is an XML toolkit for Ruby. The REXML gem before version 3.3.2 had some DoS vulnerabilities when parsing XML that contained many special characters, such as whitespace characters, , , and . The REXML gem versions 3.3.3 or later include patches to fix these vulnerabilities...

CVSS 7.5, AI score 6.3, EPSS 0.01283, Exploits 0, References 2