36 matches found
MGASA-2025-0320 Updated python-django packages fix security vulnerabilities
Potential SQL injection in FilteredRelation column aliases on PostgreSQL. CVE-2025-13372 Potential denial-of-service vulnerability in XML serializer text extraction. CVE-2025-64460...
EUVD-2012-1181
Malware in sbrugna...
EUVD-2019-10660
Malware in sbrugna...
EUVD-2011-2179
Malware in sbrugna...
EUVD-2012-4007
Malware in sbrugna...
EUVD-2018-2657
Malware in sbrugna...
EUVD-2019-8550
Malware in sbrugna...
EUVD-2008-4208
Malware in sbrugna...
EUVD-2004-1569
Malware in sbrugna...
EUVD-2016-5526
Malware in sbrugna...
EUVD-2015-7928
Malware in sbrugna...
EUVD-2025-18415
Malicious code in bioql PyPI...
EulerOS 2.0 SP10 : expat (EulerOS-SA-2025-1795)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an...
CVE-2022-44641
In Linaro Automated Validation Architecture LAVA before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service...
CVE-2011-3288
Cisco Unified Presence before 8.54 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption, and process crash via a crafted XML document containing a large number of nested entity references, aka Bug IDs...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Ruby vulnerabilities (USN-7418-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7418-1 advisory. It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribu...
Advisory ROSA-SA-2025-2604
software: expat 2.6.2 OS: ROSA-CHROME packageevrstring: expat-2.6.2-1 CVE-ID: CVE-2023-52426 BDU-ID: 2024-04334 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to improper restriction of recursive object references in DTDs. Exploitation of the...
EulerOS Virtualization 2.12.1 : python-lxml (EulerOS-SA-2024-2759)
According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An XML External Entity XXE vulnerability in the ebookmeta.getmetadata function of lxml before v4.9.1 allows attackers to access...
PT-2024-7270 · Ruby +10 · Rexml +10
Name of the Vulnerable Software and Affected Versions: REXML versions prior to 3.2.6 REXML versions prior to 3.3.1 REXML versions prior to 3.3.2 REXML versions prior to 3.3.3 Description: The REXML gem has a denial of service vulnerability when it parses an XML that has many s in an attribute...
CVE-2022-40152 Stack Buffer Overflow in Woodstox
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...