CVE-2014-0002
published 2014-03-21CVE-2014-0002: The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified…
PriorityP358high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
32.54%
98.1th percentile
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | camel | <= 2.11.3 | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
| apache | camel | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_apache7.5CRITICAL
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
mm/mempool: fix poisoning order>0 pages with HIGHMEM
osv·2025-12-16
CVE-2025-68231 mm/mempool: fix poisoning order>0 pages with HIGHMEM
mm/mempool: fix poisoning order>0 pages with HIGHMEM
In the Linux kernel, the following vulnerability has been resolved:
mm/mempool: fix poisoning order>0 pages with HIGHMEM
The kernel test has reported:
BUG: unable to handle page fault for address: fffba000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
*pde = 03171067 *pte = 00000000
Oops: Oops: 0002 [#1]
CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G T 6.18.0-rc2-00031-gec7f31b2a2d3 #1 NONE a1d066dfe789f54bc7645c7989957d2bdee593ca
Tainted: [T]=RANDSTRUCT
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
EIP: memset (arch/x86/include/asm/string_32.h:168 arch/x86/lib/memcpy_32.c:17)
Code: a5 8b 4d f4 83 e1 03 74 02 f3 a4 83 c4 04 5e 5f 5d 2e e9 73 41
GHSA
Apache Camel's XSLT component allows remote attackers to read arbitrary files
ghsa·2018-10-16
CVE-2014-0002 [HIGH] Apache Camel's XSLT component allows remote attackers to read arbitrary files
Apache Camel's XSLT component allows remote attackers to read arbitrary files
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
OSV
Apache Camel's XSLT component allows remote attackers to read arbitrary files
osv·2018-10-16
CVE-2014-0002 [HIGH] Apache Camel's XSLT component allows remote attackers to read arbitrary files
Apache Camel's XSLT component allows remote attackers to read arbitrary files
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Red Hat
kernel: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
vendor_redhat·2024-10-29·CVSS 4.7
CVE-2024-50082 [MEDIUM] CWE-362 kernel: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
kernel: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
In the Linux kernel, the following vulnerability has been resolved:
blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
We're seeing crashes from rq_qos_wake_function that look like this:
BUG: unable to handle page fault for address: ffffafe180a40084
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 100000067 P4D 100000067 PUD 10027c067 PMD 10115d067 PTE 0
Oops: Oops: 0002 [#1] PREEMPT SMP PTI
CPU: 17 UID: 0 PID: 0 Comm: swapper/17 Not tainted 6.12.0-rc3-00013-geca631b8fe80 #11
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
RIP: 0010:_raw_spin_lock_irqsave+0x1d/0x40
Code: 90 90 90 90 90 90 90
Red Hat
kernel: media: vivid: fix compose size exceed boundary
vendor_redhat·2024-09-23·CVSS 5.5
CVE-2022-48945 [MEDIUM] kernel: media: vivid: fix compose size exceed boundary
kernel: media: vivid: fix compose size exceed boundary
In the Linux kernel, the following vulnerability has been resolved:
media: vivid: fix compose size exceed boundary
syzkaller found a bug:
BUG: unable to handle page fault for address: ffffc9000a3b1000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 100000067 P4D 100000067 PUD 10015f067 PMD 1121ca067 PTE 0
Oops: 0002 [#1] PREEMPT SMP
CPU: 0 PID: 23489 Comm: vivid-000-vid-c Not tainted 6.1.0-rc1+ #512
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:memcpy_erms+0x6/0x10
[...]
Call Trace:
? tpg_fill_plane_buffer+0x856/0x15b0
vivid_fillbuff+0x8ac/0x1110
vivid_thread_vid_cap_tick+0x361/0xc90
vivid_thread_vid_cap+0x21a/0x3a0
kthread+0x143/0x180
ret
Red Hat
kernel: RDMA/srp: Set scmnd->result only when scmnd is not NULL
vendor_redhat·2024-05-03·CVSS 5.5
CVE-2022-48692 [MEDIUM] kernel: RDMA/srp: Set scmnd->result only when scmnd is not NULL
kernel: RDMA/srp: Set scmnd->result only when scmnd is not NULL
In the Linux kernel, the following vulnerability has been resolved:
RDMA/srp: Set scmnd->result only when scmnd is not NULL
This change fixes the following kernel NULL pointer dereference
which is reproduced by blktests srp/007 occasionally.
BUG: kernel NULL pointer dereference, address: 0000000000000170
PGD 0 P4D 0
Oops: 0002 [#1] PREEMPT SMP NOPTI
CPU: 0 PID: 9 Comm: kworker/0:1H Kdump: loaded Not tainted 6.0.0-rc1+ #37
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-29-g6a62e0cb0dfe-prebuilt.qemu.org 04/01/2014
Workqueue: 0x0 (kblockd)
RIP: 0010:srp_recv_done+0x176/0x500 [ib_srp]
Code: 00 4d 85 ff 0f 84 52 02 00 00 48 c7 82 80 02 00 00 00 00 00 00 4c 89 df 4c 89 14 24 e8 53 d3 4a f6 4c 8b 14 24 41 0f b6
VMware
VMware vSphere Data Protection product update addresses a certificate validation vulnerability.
vendor_vmware·2015-01-29·CVSS 4.3
CVE-2014-4632 [MEDIUM] VMware vSphere Data Protection product update addresses a certificate validation vulnerability.
VMSA-2015-0002: VMware vSphere Data Protection product update addresses a certificate validation vulnerability.
a. VMware vSphere Data Protection certificate validation vulnerability VMware vSphere Data Protection (VDP) does not fully validate SSL certificates coming from vCenter Server. This issue may allow a Man-in-the-Middle attack that enables the attacker to perform unauthorized backup and restore operations. VMware would like to thank Thorsten Tüllmann of the Steinbuch Centre for Computing, KIT, Germany for reporting this issue to VMware and the EMC Product Security Response Center for working with us on the issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-4632 to this issue. Column 4 of the following table lists the action
Red Hat
Camel: XML eXternal Entity (XXE) flaw in XSLT component
vendor_redhat·2014-02-28·CVSS 7.5
CVE-2014-0002 [HIGH] CWE-611 Camel: XML eXternal Entity (XXE) flaw in XSLT component
Camel: XML eXternal Entity (XXE) flaw in XSLT component
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Package: camel (OpenShift Enterprise 1) - Will not fix
Package: camel (Red Hat OpenShift Enterprise 2) - Will not fix
Apache
Apache camel: CVE-2014-0002
vendor_apache·CVSS 7.5
CVE-2014-0002 [CRITICAL] Apache camel: CVE-2014-0002
Apache camel: CVE-2014-0002
2.11.0 up to 2.11.3, 2.12.0 up to 2.12.2 2.11.4, 2.12.3, 2.13.0 and newer CRITICAL The Apache Camel XSLT component will resolve entities in XML messages when transforming them using an xslt route. 2013
Severity: critical
No detection rules found.
Exploit-DB
Android WiFi-Direct - Denial of Service
exploitdb·2015-01-26·CVSS 7.5
CVE-2014-0997 [HIGH] Android WiFi-Direct - Denial of Service
Android WiFi-Direct - Denial of Service
---
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Android WiFi-Direct Denial of Service
1. *Advisory Information*
Title: Android WiFi-Direct Denial of Service
Advisory ID: CORE-2015-0002
Advisory URL:
http://www.coresecurity.com/advisories/android-wifi-direct-denial-service
Date published: 2015-01-26
Date of last update: 2015-01-26
Vendors contacted: Android Security Team
Release mode: User release
2. *Vulnerability Information*
Class: Uncaught Exception [CWE-248]
Impact: Denial of service
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2014-0997
3. *Vulnerability Description*
Some Android devices are affected by a Denial of Service attack when
scanning for WiFi Direct devices.
An attacker could send
Exploit-DB
Oracle VM VirtualBox - 3D Acceleration Multiple Vulnerabilities
exploitdb·2014-03-12·CVSS 4.4
CVE-2014-0983 [MEDIUM] Oracle VM VirtualBox - 3D Acceleration Multiple Vulnerabilities
Oracle VM VirtualBox - 3D Acceleration Multiple Vulnerabilities
---
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities
1. *Advisory Information*
Title: Oracle VirtualBox 3D Acceleration Multiple Memory Corruption
Vulnerabilities
Advisory ID: CORE-2014-0002
Advisory URL:
http://www.coresecurity.com/content/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
Date published: 2014-03-11
Date of last update: 2014-03-11
Vendors contacted: Oracle
Release mode: User release
2. *Vulnerability Information*
Class: Improper Validation of Array Index [CWE-129], Improper Validation
of Array Index [CWE-129], Improper Validation of Array Index [CWE-129]
Impact: Code execution
Rem
Bugzilla
CVE-2025-68231 kernel: mm/mempool: fix poisoning order>0 pages with HIGHMEM
bugzilla·2025-12-16
CVE-2025-68231 [MEDIUM] CVE-2025-68231 kernel: mm/mempool: fix poisoning order>0 pages with HIGHMEM
CVE-2025-68231 kernel: mm/mempool: fix poisoning order>0 pages with HIGHMEM
In the Linux kernel, the following vulnerability has been resolved:
mm/mempool: fix poisoning order>0 pages with HIGHMEM
The kernel test has reported:
BUG: unable to handle page fault for address: fffba000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
*pde = 03171067 *pte = 00000000
Oops: Oops: 0002 [#1]
CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G T 6.18.0-rc2-00031-gec7f31b2a2d3 #1 NONE a1d066dfe789f54bc7645c7989957d2bdee593ca
Tainted: [T]=RANDSTRUCT
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
EIP: memset (arch/x86/include/asm/string_32.h:168 arch/x86/lib/memcpy_32.c:17)
Code: a5 8b 4d f4 83 e1 03 74 02 f3 a4 83 c4 0
Bugzilla
CVE-2014-8092 xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests
bugzilla·2014-11-27·CVSS 6.5
CVE-2014-8092 [MEDIUM] CVE-2014-8092 xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests
CVE-2014-8092 xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests
ProcPutImage(), GetHosts(), RegionSizeof(), REQUEST_FIXED_SIZE() calls do not check that their calculations for how much memory
is needed to handle the client's request have not overflowed, so can
result in out of bounds reads or writes. These calls all occur only
after a client has successfully authenticated itself.
Introduced in X11R1 (1987).
Discussion:
Created attachment 962113
0002-dix_integer_overflow_in_ProcPutImage_CVE-2014-8092_1-4.patch
---
Created attachment 962114
0003-dix_integer_overflow_in_GetHosts_CVE-2014-8092_2-4.patch
---
Created attachment 962115
0004-dix_integer_overflow_in_RegionSizeof_CVE-2014-8092_3-4.patch
---
Created attachment 962116
Bugzilla
CVE-2004-2771 CVE-2014-7844 mailx: command execution flaw
bugzilla·2014-11-11·CVSS 7.5
CVE-2004-2771 [HIGH] CVE-2004-2771 CVE-2014-7844 mailx: command execution flaw
CVE-2004-2771 CVE-2014-7844 mailx: command execution flaw
Florian Weimer from Red Hat has reported the below issue:
mailx executes shell commands embedded in syntactically valid mail addresses due a not quoted command to prevent word expansion.
fio.c
542 }
543 snprintf(cmdbuf, sizeof cmdbuf, "echo %s", name);
544 if ((shell = value("SHELL")) == NULL)
545 shell = SHELL;
The original report in Debian bugtracker:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278748
Discussion:
Created attachment 958222
0001-outof-Introduce-expandaddr-flag.patch
---
Created attachment 958223
0002-unpack-Disable-option-processing-for-email-addresses.patch
---
Created attachment 958224
0003-fio.c-Unconditionally-require-wordexp-support.patch
---
Created attachment 958225
0004-globname-Invoke-wor
Bugzilla
CVE-2014-0009 moodle: group constraint checking issue for loginas (MSA-14-0002)
bugzilla·2014-01-13·CVSS 5.5
CVE-2014-0009 [MEDIUM] CVE-2014-0009 moodle: group constraint checking issue for loginas (MSA-14-0002)
CVE-2014-0009 moodle: group constraint checking issue for loginas (MSA-14-0002)
Itamar Tzadok found an issue in the group constraint checking for loginas. In some cases if a user had loginas privileges but not the site:accessallgroups capability, they could use this flaw to log in as a user not in their group. This issue affected Moodle versions 2.6, 2.5 to 2.5.4, 2.4 to 2.4.7, 2.3 to 2.3.10 and earlier unsupported versions. It has been fixed in 2.6.1, 2.5.4, 2.4.8 and 2.3.11.
I have not checked if versions 1.9.19 in EPEL 5 is affected or not.
According to the Moodle documentation, loginas cannot be used to log in as an administrator:
http://docs.moodle.org/25/en/Capabilities/moodle/user:loginas
Patch:
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643
Disc
Bugzilla
CVE-2014-0002 Camel: XML eXternal Entity (XXE) flaw in XSLT component
bugzilla·2014-01-08·CVSS 7.5
CVE-2014-0002 [HIGH] CVE-2014-0002 Camel: XML eXternal Entity (XXE) flaw in XSLT component
CVE-2014-0002 Camel: XML eXternal Entity (XXE) flaw in XSLT component
It was found that the Apache Camel XSLT component would resolve entities in XML messages when transforming them using an xslt: route. A remote attacker able to submit messages to an xslt: Camel route could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
Discussion:
Acknowledgements:
This issue was discovered by David Jorm of the Red Hat Security Response Team.
---
Upstream bug:
https://issues.apache.org/jira/browse/CAMEL-7130
Upstream patch commits:
https://fisheye6.atlassian.com/changelog/camel-git?cs=7c9326f4962cdad97d5de89cfb4483e04cab1d35
https://fisheye6.atlassian.com/changelog/camel-git?cs=cc192f87b7c4a43c6cff064648
Wiz
CVE-2025-68231 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz
CVE-2025-68231 CVE-2025-68231 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68231 :
Linux Kernel vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
mm/mempool: fix poisoning order>0 pages with HIGHMEM
The kernel test has reported:
BUG: unable to handle page fault for address: fffba000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
*pde = 03171067 *pte = 00000000
Oops: Oops: 0002 [#1]
CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G T 6.18.0-rc2-00031-gec7f31b2a2d3 #1 NONE a1d066dfe789f54bc7645c7989957d2bdee593ca
Tainted: [T]=RANDSTRUCT
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
EIP: memset (arch/x86/include/asm/string_32.h:168 arch/x86/lib/memcpy_32.c:17)
Code: a5 8b 4d f4 83 e1 03 74 02 f3 a4 83 c4 04 5
http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.aschttp://rhn.redhat.com/errata/RHSA-2014-0371.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0372.htmlhttp://secunia.com/advisories/57125http://secunia.com/advisories/57716http://secunia.com/advisories/57719http://www.securityfocus.com/bid/65901https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3Ehttps://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3Ehttp://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.aschttp://rhn.redhat.com/errata/RHSA-2014-0371.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0372.htmlhttp://secunia.com/advisories/57125http://secunia.com/advisories/57716http://secunia.com/advisories/57719http://www.securityfocus.com/bid/65901https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3Ehttps://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E
2014-03-21
Published