713 matches found
Xxe
Electronic Delivery Check System Doboku Ver.18.1.0 and earlier, Electronic Delivery Check System Dentsu Ver.12.1.0 and earlier, Electronic Delivery Check System Kikai Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support System Ver.4.0.31 and earlier improperly restrict XML...
CVE-2024-21796
Electronic Deliverables Creation Support Tool Construction Edition prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool Design & Survey Edition prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on t...
PYSEC-2023-296
An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...
A vulnerability in the firmware of Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP cameras arises from stack-based buffer overflows. This allows intruders to execute arbitrary code.
A vulnerability in the firmware of Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP cameras arises from stack-based buffer overflows. Exploiting this vulnerability allows a remote attacker to execute arbitrary code during the...
CVE-2023-3959
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While processing XML elements from incoming network requests, the product does not sufficiently...
A vulnerability in the firmware of the D-Link DAP-1325 wireless signal booster allows an intruder to execute arbitrary code.
A vulnerability in the firmware of the D-Link DAP-1325 wireless signal amplifier is related to a stack-based buffer overflow when processing XML data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
A vulnerability in the firmware of the D-Link DAP-1325 wireless signal booster allows an intruder to execute arbitrary code.
A vulnerability in the XML data processing of the firmware of the D-Link DAP-1325 wireless signal amplifier is related to buffer overflows during XML data processing. Exploiting this vulnerability can allow attackers to execute arbitrary code...
MGASA-2023-0279 Updated libxml2 packages fix a security vulnerability
The updated packages fix a security vulnerability: Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. CVE-2023-39615...
A vulnerability in the SetAPLanSettings() function in the firmware of the D-Link DAP-1325 wireless signal booster allows a hacker to execute arbitrary code.
A vulnerability in the SetAPLanSettings function in the firmware of the D-Link DAP-1325 wireless signal booster is related to operations performed outside the bounds of a memory buffer when processing XML data. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability of the JAXP component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a hacker to trigger a service failure.
The vulnerability of the JAXP component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the JAXP component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows attackers to disclose protected information.
The vulnerability of the JAXP component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to errors in cross-border deletion of critical data. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
The vulnerability of the JAXP component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a hacker to trigger a service failure.
The vulnerability of the JAXP component in the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to the allocation of resources without limits. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
GHSA-2JC4-R94C-RP7H Apache Ivy External Entity Reference vulnerability
Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy. This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
CVE-2022-46751
Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy. This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
The vulnerability of the HandleFileArg function in the XML data compression tool Xmill allows an attacker to execute arbitrary code.
The vulnerability of the HandleFileArg function in the XML data compression tool Xmill is related to a memory boundary error during the processing of XML files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Magento Commerce software platform for developing and managing online stores, related to errors in XML request processing, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Magento Commerce development and management software platform is related to errors in processing XML requests. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information from a remote location...
Security Bulletin: IBM Security Guardium is affected by a remote code execution vulnerability (CVE-2020-10650)
Summary: IBM Security Guardium uses jackson-databind for XML processing. FasterXML jackson-databind has a remote code execution vulnerability. IBM Security Guardium has addressed the issue by updating the affected component. Vulnerability Details: CVEID: CVE-2020-10650 DESCRIPTION: FasterXML...
USN-6102-1: xmldom vulnerabilities
It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause unexpected syntactic changes during XML processing. This issue only affected Ubuntu...
OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...