1178 matches found
SUSE-SU-2025:20201-1 Security update for libxslt
This update for libxslt fixes the following issues: CVE-2025-24855: Fix use-after-free of XPath context node bsc1239625 CVE-2024-55549: Fix UAF related to excluded namespaces bsc1239637 CVE-2023-40403: Make generate-id deterministic bsc1238591...
CVE-2022-43840
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document...
Important: libxslt
Issue Overview: xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. CVE-2024-55549 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored...
Security Bulletin: IBM Aspera Console has addressed multiple vulnerabilities.
Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Console 3.4.5. Vulnerability Details CVEID:CVE-2024-40725 DESCRIPTION: Apache HTTP Server allow a remote attacker to obtain sensitive information, caused by an incomplete fix for CVE-2024-398...
CVE-2022-43840
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document...
CVE-2022-43840
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document...
CVE-2022-43840 IBM Aspera Console XPath injection
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document...
CVE-2022-43840 IBM Aspera Console XPath injection
IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document...
CVE-2022-43840
CVE-2022-43840 affects IBM Aspera Console 3.4.0–3.4.4. The vulnerability is an XPath injection in the Web UI that could allow an authenticated attacker to exfiltrate sensitive application data and/or deduce the XML document structure. IBM’s bulletin confirms remediation by upgrading to IBM Aspera...
PT-2025-16266 · Ibm · Ibm Aspera Console
Name of the Vulnerable Software and Affected Versions: IBM Aspera Console versions 3.4.0 through 3.4.4 Description: The issue is an XPath injection vulnerability that could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document...
IBM Aspera Console 安全漏洞
IBM Aspera Console is a Web-based application from International Business Machines IBM, Inc. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. A security vulnerability exists in IBM Aspera Console 3.4.4 and prior versions, which stems from an XPath injecti...
libxslt: Use-After-Free in libxslt numbers.c
A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...
libxslt: Use-After-Free in libxslt numbers.c
A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...
libxslt: Use-After-Free in libxslt numbers.c
A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...
libxslt: Use-After-Free in libxslt numbers.c
A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...
libxslt: Use-After-Free in libxslt numbers.c
A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...
CLSA-2025-1743763948 libxslt: Fix of CVE-2025-24855
CVE-2025-24855: fix use-after-free issue in numbers.c by restoring XPath context node in nested XPath evaluations...
The vulnerability in the J-Web management web interface of Juniper Networks Junos OS allows a perpetrator to execute arbitrary commands.
The vulnerability in the J-Web management web interface of Juniper Networks Junos OS relates to the failure to neutralize data in XPath expressions. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
libxslt: Use-After-Free in libxslt numbers.c
A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...
Azure Linux 3.0 Security Update: libxslt (CVE-2025-24855)
The version of libxslt installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-24855 advisory. - numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath...