CyberSecurityBoard
Sponsor Register Login

CVE-2022-2309

NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.

Publication date: Tue, 05 Jul 2022 15:15:00 +0000


Cyber News related to CVE-2022-2309

CVE-2022-48919 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
CVE-2022-2309 - NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes ...
2 years ago
CVE-2015-2309 -
medium
CVE-2015-2179 ...
55 years ago Tenable.com
CVE-2002-2309 - php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments. ...
16 years ago
CVE-2010-2309 - Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request. ...
14 years ago
CVE-2007-2309 - Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the den parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third ...
14 years ago
CVE-2011-2309 - Unspecified vulnerability in the Health Sciences - Oracle Clinical, Remote Data Capture component in Oracle Industry Applications 4.6 and 4.6.2 allows remote attackers to affect integrity, related to RDC Help. ...
13 years ago
CVE-2012-2309 - Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. ...
12 years ago
CVE-2013-2309 - Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the "mobile ...
11 years ago
CVE-2016-2309 - iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. ...
8 years ago
CVE-2017-2309 - On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk. ...
7 years ago
CVE-2004-2309 - Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command. ...
7 years ago
CVE-2008-2309 - Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in ...
7 years ago
CVE-2009-2309 - SQL injection vulnerability in index.php in Codice CMS 2 allows remote attackers to execute arbitrary SQL commands via the tag parameter. ...
7 years ago
CVE-2006-2309 - The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files. ...
6 years ago
CVE-2019-2309 - While storing calibrated data from firmware in cache, An integer overflow may occur since data length received may exceed real data length. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon ...
4 years ago
CVE-2014-2309 - The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router ...
4 years ago
CVE-2005-2309 - Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG image, as demonstrated using random.jpg. ...
3 years ago
CVE-2021-2309 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the ...
2 years ago
CVE-2023-2309 - The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability. ...
1 year ago
CVE-2023-4833 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection.This issue affects Network Marketing Software: before 1.0.2309.6. ...
1 year ago
CVE-2020-2309 - A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. ...
1 year ago
CVE-2018-2309 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none ...
55 years ago Tenable.com
CVE-2024-2309 - The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site ...
10 months ago Tenable.com
CVE-2025-2309 - A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to ...
1 day ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)