CVE-2021-46849 - XXE Vulnerability in pikepdf's XMP Metadata Parsing (Before v2.10.) - Deep Dive, Exploit Details, and How to Stay Safe
In the world of PDF processing, Python's pikepdf library has made a name for itself as a go-to tool for working with PDF
CVE-2022-43028 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 has a stack overflow via the timeZone parameter.
This issue was reported to have been fixed in version 16.03.11.10. Tenda US versions are vulnerable to XXE attacks. Remote attackers can
CVE-2022-43430 Jenkins Compuware Topaz 2.4.8 and earlier does not configure its XML parser to prevent XXE attacks.
In certain situations, Jenkins may be exposed to a high risk of XXE attacks when it is processing untrusted inputs, such as XML configuration files.
CVE-2022-42114 An XSS vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36 and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.
This issue is due to insufficient sanitization of user input before placing it into the database. As a result, a user with administrative privileges can
CVE-2022-0699 A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases
The vendor has confirmed that there are no active attacks against this issue. Users are advised to upgrade to the latest release. CVE-2017-9832 - Double-free