
1178 matches found

Fedora
added 2021/05/12 4:13 p.m., 82 views

[SECURITY] Fedora 33 Update: dom4j-2.0.3-1.fc33

dom4j is an Open Source XML framework for Java. dom4j allows you to read, write, navigate, create and modify XML documents. dom4j integrates with DOM and SAX and is seamlessly integrated with full XPath support...

CVSS 7.5, AI score 1.9, EPSS 0.0657
Exploits: 1

Fedora
added 2021/05/12 5:44 a.m., 68 views

[SECURITY] Fedora 34 Update: dom4j-2.0.3-1.fc34

dom4j is an Open Source XML framework for Java. dom4j allows you to read, write, navigate, create and modify XML documents. dom4j integrates with DOM and SAX and is seamlessly integrated with full XPath support...

CVSS 7.5, AI score 1.9, EPSS 0.0657
Exploits: 1

Cvelist
added 2021/02/01 2:40 p.m., 17 views

CVE-2021-21266 XXE vulnerability in OpenHAB

openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity XXE attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from th...

CVSS 6.4, AI score 6.8, EPSS 0.011
Exploits: 0, References: 4

Fedora
added 2021/01/14 1:43 a.m., 90 views

[SECURITY] Fedora 32 Update: python-lxml-4.4.1-5.fc32

lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It provides safe and convenient access to these libraries using the ElementTree API. It extends the ElementTree API significantly to offer support for XPath, Relax NG, XML Schema, XSLT, C14N and much more. To contact the project...

CVSS 6.1, AI score 0.5, EPSS 0.03934
Exploits: 1

Fedora
added 2021/01/14 1:39 a.m., 101 views

[SECURITY] Fedora 33 Update: python-lxml-4.5.1-3.fc33

lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It provides safe and convenient access to these libraries using the ElementTree API. It extends the ElementTree API significantly to offer support for XPath, Relax NG, XML Schema, XSLT, C14N and much more. To contact the project...

CVSS 6.1, AI score 0.5, EPSS 0.03934
Exploits: 1

OSV
added 2020/12/30 7:15 p.m., 36 views

CVE-2020-26247

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...

CVSS 4.3, AI score 7.1, EPSS 0.01293
Exploits: 0, References: 8

CVE
added 2020/12/30 12:0 a.m., 267 views

CVE-2020-26247

Nokogiri (Ruby) contains an XXE/SSRF risk in XML schemas parsed by Nokogiri::XML::Schema due to the default trust-on-parse behavior. This is fixed in version 1.11.0.rc4; upgrading to 1.11.0.rc4+ mitigates the issue. The CVE-2020-26247 entry notes the vulnerability and its fix; multiple advisories...

CVSS 4.3, AI score 4.4, EPSS 0.01293
Exploits: 0, References: 8, Affected Software: 1

Debian CVE
added 2020/12/30 12:0 a.m., 25 views

CVE-2020-26247

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...

CVSS 4.3, AI score 5.8, EPSS 0.01293
Exploits: 0

AlpineLinux
added 2020/12/30 12:0 a.m., 53 views

CVE-2020-26247

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the...

CVSS 4.3, AI score 4.6, EPSS 0.01293
Exploits: 0

Fedora
added 2020/11/27 1:12 a.m., 34 views

[SECURITY] Fedora 32 Update: libxml2-2.9.10-8.fc32

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 6.5, AI score 0.5, EPSS 0.03672
Exploits: 1

Fedora
added 2020/11/14 1:13 a.m., 30 views

[SECURITY] Fedora 33 Update: libxml2-2.9.10-8.fc33

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 6.5, AI score 0.5, EPSS 0.03672
Exploits: 1

ICS
added 2020/10/22 12:0 a.m., 119 views

B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low and high skill level to exploit Vendor: B. Braun Melsungen AG Equipment: SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus Vulnerabilities: Cross-site Scripting, Open Redirect, XPath Injection, Session Fixation,...

CVSS 9, AI score 8.8, EPSS 0.01754
Exploits: 0, References: 5

NVD
added 2020/10/12 1:15 p.m., 23 views

CVE-2020-4774

An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information su...

CVSS 5.5, EPSS 0.00822
Exploits: 0, References: 2

Prion
added 2020/10/12 1:15 p.m., 17 views

Input validation

An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information su...

CVSS 5.5, AI score 5.2, EPSS 0.00822
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2020/10/12 1:5 p.m., 20 views

CVE-2020-4774

An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information su...

CVSS 5.4, AI score 5.2, EPSS 0.00822
Exploits: 0, References: 2

CVE
added 2020/10/12 1:5 p.m., 53 views

CVE-2020-4774

The CVE-2020-4774 issue concerns IBM Cúram Social Program Management (Curam SPM) versions 7.0.9 and 7.0.10, where an XPath vulnerability arises from improper handling of user-supplied input. This could allow a remote attacker to obtain unauthorized access or disclose XML document structure/conten...

CVSS 5.5, AI score 5.2, EPSS 0.00822
Exploits: 0, References: 2, Affected Software: 1

Openbugbounty
added 2020/10/11 10:19 a.m., 8 views

adu-press.com Cross Site Scripting vulnerability OBB-1397503

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 6.2
Exploits: 0

IBM Security Bulletins
added 2020/10/08 6:55 p.m., 13 views

Security Bulletin: An XPath vulnerability may impact IBM Cúram Social Program Management (CVE-2020-4774)

Summary An XPath vulnerability may impact IBM Cúram Social Program Management, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information such as XML...

CVSS 5.5, AI score 1.2, EPSS 0.00822
Exploits: 0, Affected Software: 1

Fedora
added 2020/09/25 5:47 p.m., 28 views

[SECURITY] Fedora 31 Update: libxml2-2.9.10-4.fc31

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 6.5, AI score 0.5, EPSS 0.03672
Exploits: 1

Fedora
added 2020/09/25 5:19 p.m., 44 views

[SECURITY] Fedora 33 Update: libxml2-2.9.10-7.fc33

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 6.5, AI score 0.5, EPSS 0.03672
Exploits: 1