EUVD-2026-14434

A flaw was found in the github.com/antchfx/xpath component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the logicalQuery.Select function, leading to 100% CPU utilization and a Denial o...

EUVD-2009-0816

Malware in sbrugna...

EUVD-2011-2795

Malware in sbrugna...

Juniper Networks Junos OS Security Vulnerability

Juniper Networks Junos OS is a Juniper Networks USA network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS, which arises from a data...

Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java

Impact Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML Extern...

CVE-2024-2645

CVE-2024-2645 affects Netentsec NS-ASG Application Security Gateway 6.3. The vulnerability is in the file "/vpnweb/resetpwd/resetpwd.php" where the UserId parameter can cause improper neutralization of data within XPath expressions, enabling a remote attack. Public exploitation has been disclosed...

Remote Code Execution (RCE)

commons-jxpath is vulnerable to remote code execution. The vulnerability exists in selectSingleNode function in JXPathContext.java where the attacker can use the xpath expression to load any java class from the classpath which will lead to a code execution...

Ubuntu: Security Advisory (USN-5546-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for java-1_8_0-openjdk (SUSE-SU-2022:2530-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security fix for the ALT Linux 10 package java-11-openjdk version 0:11.0.15.0.10-alt1_1jpp11

0:11.0.15.0.10-alt11jpp11 built July 14, 2022 Andrey Cherepanov in task 303498 June 29, 2022 Andrey Cherepanov - New version. - Security fixes + JDK-8270504, CVE-2022-21426: Better XPath expression handling + JDK-8275082, JDK-8278008, CVE-2022-21476: Update XML Security for Java to 2.3.0 +...

Jenkins XPath Configuration Viewer Plugin跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site request forgery...

Amazon Linux 2 : libxml2 (ALAS-2020-1466)

The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1466 advisory. A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when...

OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20191016)

Security Fixes : - OpenJDK: Improper handling of Kerberos proxy credentials Kerberos, 8220302 CVE-2019-2949 - OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn Scripting, 8223518 CVE-2019-2975 - OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler...

EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2019-1614)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There ...

SUSE-SU-2019:13985-1 Security update for libxml2

This update for libxml2 fixes the following issues: Security issue fixed: - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval function when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case leading to a denial of service attack bsc1102046 Other Issue...

MGASA-2019-0047 Updated libxml2 packages fix security vulnerabilities

A flaw was found in libxml2 2.9.8. The xzdecomp function in xzlib.c, if --with-lzma is used, allows remote attackers to cause a denial of service infinite loop via a crafted XML file that triggers LZMAMEMLIMITERROR, as demonstrated by xmllint CVE-2018-9251, CVE-2018-14567. A null pointer...

CVE-2018-14404

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...

CVE-2018-14404

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...

Adobe Reader DC if XSLT Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...