192 matches found
CVE-2021-30485
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlinternaldtd, while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp on a NULL pointer...
CVE-2021-30485
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlinternaldtd, while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp on a NULL pointer...
CVE-2021-20080
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting XSS attacks by uploading a crafted XML asset file...
CVE-2020-3405
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity XXE entries when parsing certain XML...
CVE-2020-3405 Cisco SD-WAN vManage Software XML External Entity Vulnerability
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity XXE entries when parsing certain XML...
Huawei Data Communication: Memory Leak Vulnerability in Several Huawei Products (huawei-sa-20171213-04-xml)
There is a memory leak vulnerability in several Huawei products. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Design/Logic Flaw
A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could...
XStream Library Insecure Deserialization (CVE-2019-10173)
An insecure serialization vulnerability exists in XStream Library. The vulnerability is due to insufficient validation of event handler type in user-supplied XML data. A remote attacker could exploit this vulnerability by sending specially crafted XML file to the affected application. Successful...
Null pointer dereference
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxmldecode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen on a NULL pointer...
CVE-2019-20198
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxmlentok mishandles recursion, leading to stack consumption for a crafted XML file...
Xxe
Jeesite 1.2.7 is affected by: XML External Entity XXE. The impact is: sensitive information disclosure. The component is: convertToModel function in src/main/java/com.thinkgem.jeesite/modules/act/service/ActProcessService.java. The attack vector is: network connectivity,authenticated,must upload ...
CVE-2019-1010202
Jeesite 1.2.7 is affected by: XML External Entity XXE. The impact is: sensitive information disclosure. The component is: convertToModel function in src/main/java/com.thinkgem.jeesite/modules/act/service/ActProcessService.java. The attack vector is: network connectivity,authenticated,must upload ...
The vulnerability of the SAP HANA Extended Application Services development tool, related to errors in XML document processing, allows attackers to gain access to protected information or cause service failures.
The vulnerability of the SAP HANA Extended Application Services development tool is related to errors in processing XML documents. Exploiting this vulnerability can allow a malicious actor to gain access to protected information or cause service failures by using a specially created XML file...
CVE-2019-3817
A use-after-free flaw has been discovered in libcomps in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code...
Traccar Server <= 4.2 XXE Vulnerability
Traccar is prone to an XXE vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112483...
CVE-2018-20592
In Mini-XML aka mxml v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc...
Design/Logic Flaw
In Mini-XML aka mxml v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc...
CVE-2018-20592
In Mini-XML aka mxml v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc...
CVE-2018-20592
In Mini-XML aka mxml v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc...
UBUNTU-CVE-2018-20592
In Mini-XML aka mxml v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc...