192 matches found
AlmaLinux 9 : libxml2 (ALSA-2023:7747)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:7747 advisory. - Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows...
RHEL 9 : libxml2 (RHSA-2023:7747)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7747 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: crafted xml can cause...
libxml2: crafted xml can cause global buffer overflow
A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service DoS by supplying a crafted XML file...
Amazon Linux AMI : libxml2 (ALAS-2023-1841)
The version of libxml2 installed on the remote host is prior to 2.9.1-6.6.43. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1841 advisory. Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement function at...
Xxe
A XML External Entity XXE vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file...
CVE-2023-41635
A XML External Entity XXE vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file...
CVE-2023-39615
A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service DoS by supplying a crafted XML file...
CVE-2023-39615
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...
CVE-2023-39615
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...
CVE-2023-39615
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...
CVE-2023-39615
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...
XML Injection
org.apache.ivy:ivy is vulnerable to XML Injection. The vulnerability exists due to improper external DTD XML restrictions. An attacker is able to exploit this vulnerability by parsing a specially crafted XML file, which allows the attacker to access sensitive information, such as passwords or oth...
The vulnerability of the ezxml_internal_dtd function in the XML document syntax analysis library ezXML allows a attacker to cause a service failure.
The vulnerability of the ezxmlinternaldtd function in the XML document syntax analysis library ezXML is related to pointer aliasing errors. Exploiting this vulnerability allows an attacker to trigger a service failure using a specially created XML file...
The vulnerability of the ezxml_decode function in the XML document syntax analysis library ezXML allows a attacker to cause a service failure.
The vulnerability of the ezxmldecode function in the ezXML XML syntax analysis library is related to buffer overflow attacks. Exploiting this vulnerability allows an attacker to cause a service failure by using a specially created XML file...
GHSA-J6V2-MWXM-F952 py-xml XML External Entity Injection vulnerability
py-xml v1.0 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
easy-parse XML External Entity Injection vulnerability
easy-parse v0.1.1 was discovered to contain a XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
CVE-2020-26708
requests-xml v0.2.3 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
CVE-2020-26710
easy-parse v0.1.1 was discovered to contain a XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
CVE-2020-26709
py-xml v1.0 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
PYSEC-2023-97
easy-parse v0.1.1 was discovered to contain a XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...