91 matches found
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the ManifestParser and AmazonS3 classes which use a SAXParser to parse XML files without properly configuring it to disable external entity processing. An attacker can access sensitive information o...
K000151254: libxml2 vulnerability CVE-2024-40896
Security Advisory Description In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible. CVE-2024-40896...
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
...
CVE-2024-40896
A flaw was found in libxml2. In the affected versions of libxml2, the SAX parser can generate events for external entities, even if custom SAX handlers try to override entity content by setting it to "checked." This vulnerability allows classic XML External Entity XXE attacks. Mitigation Mitigati...
CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
UBUNTU-CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
CVE-2024-40896
CVE-2024-40896 affects libxml2 prior to 2.11.9, 2.12 prior to 2.12.9, and 2.13 prior to 2.13.3. The SAX parser can emit events for external entities even when custom SAX handlers try to override content (via checked), enabling classic XXE attacks. Connected sources reiterate the same vulnerabilit...
CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
USN-7091-1 ruby3.0, ruby3.2, ruby3.3 vulnerabilities
It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected in Ubuntu 22.04 LTS and Ubuntu 24....
rexml: DoS vulnerability in REXML
A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service DoS when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser API like REXML::Document.new, other parser APIs such as stream parser API and SAX2...
rexml: DoS vulnerability in REXML
A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service DoS when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser API like REXML::Document.new, other parser APIs such as stream parser API and SAX2...
Uncontrolled Resource Consumption ('Resource Exhaustion')
Overview rexml is an An XML toolkit for Ruby. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption 'Resource Exhaustion' via the SAX2 or pull parser API. An attacker can cause the application to consume excessive resources leading to a denial of service by...
PT-2024-6222
Name of the Vulnerable Software and Affected Versions libxml2 versions 2.11 through 2.11.8 libxml2 versions 2.12 through 2.12.8 libxml2 versions 2.13 through 2.13.2 Description The issue is related to the SAX parser in libxml2, which can produce events for external entities even if custom SAX...
Fedora: Security Advisory for pentaho-libxml (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: pentaho-libxml-1.1.3-42.fc40
Pentaho LibXML is a namespace aware SAX-Parser utility library. It eases the pain of implementing non-trivial SAX input handlers...
UBUNTU-CVE-2023-45818
TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...
SUSE CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...