
714 matches found

OSV
added 2019/10/16 6:15 p.m. · 2 views

UBUNTU-CVE-2019-2981

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 3.7 · AI score 6.7 · EPSS 0.03749
Exploits 0 · References 4

RedHat Linux
added 2019/10/16 3:1 p.m. · 5 views

OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 · AI score 7.4 · EPSS 0.03732
Exploits 0 · References 4

PyPA
added 2019/10/16 12:15 p.m. · 4 views

PYSEC-2019-117

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '...

CVSS 9.8 · AI score 8.1 · EPSS 0.10231
Exploits 1 · References 14 · Affected Software 1

Positive Technologies
added 2019/07/30 12:0 a.m. · 3 views

PT-2019-16873 · Ibm · Ibm I2 Intelligent Analysis Platform

Name of the Vulnerable Software and Affected Versions: IBM i2 Intelligent Analysis Platform versions 9.0.0 through 9.1.1. Description: The issue is related to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information o...

CVSS 7.1 · AI score 6.9 · EPSS 0.01554
Exploits 0 · References 4

BDU FSTEC
added 2019/05/07 12:0 a.m. · 4 views

The vulnerability of the SAP NetWeaver software integration platform lies in errors in processing external XML objects during XML file analysis, which allows attackers to trigger service failures.

The vulnerability of the SAP NetWeaver software integration platform is related to errors in processing external XML objects during the analysis of XML files (XXE). Exploiting this vulnerability allows a malicious actor to cause service failures by using a specially crafted request...

CVSS 8.7 · AI score 5.6 · EPSS 0.02054
Exploits 0 · References 2

Positive Technologies
added 2019/04/17 12:0 a.m. · 3 views

PT-2019-7881 · Omniauth · Omniauth-Saml

Name of the Vulnerable Software and Affected Versions: OmniAuth OmniAuth-SAML versions 1.9.0 and earlier. Description: The issue arises from incorrect utilization of XML DOM traversal and canonicalization APIs, allowing an attacker to manipulate SAML data without invalidating its cryptographic...

CVSS 9.8 · AI score 9.6 · EPSS 0.02276
Exploits 1 · References 8

BDU FSTEC
added 2019/04/12 12:0 a.m. · 3 views

The vulnerability of the SAP HANA Extended Application Services development tool, related to errors in XML document processing, allows attackers to gain access to protected information or cause service failures.

The vulnerability of the SAP HANA Extended Application Services development tool is related to errors in processing XML documents. Exploiting this vulnerability can allow a malicious actor to gain access to protected information or cause service failures by using a specially created XML file...

CVSS 8.7 · AI score 6.5 · EPSS 0.02167
Exploits 0 · References 2 · Affected Software 1

exploitpack
added 2018/11/30 12:0 a.m. · 32 views

PhpSpreadsheet 1.5.0 - XML External Entity (XXE)

PhpSpreadsheet 1.5.0 - XML External Entity (XXE). Product Description: PhpSpreadsheet is a library written in pure PHP that provides a set of classes allowing users to read from and write to different spreadsheet file formats, such as Excel and LibreOffice Calc. Vulnerabilities List: One vulnerability...

CVSS 6.8 · AI score 8.8 · EPSS 0.07791
Exploits 4

OSV
added 2018/10/18 12:49 p.m. · 5 views

SUSE-SU-2018:2898-2 Security update for smt, yast2-smt

This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues: These security issues were fixed in SMT: - CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read bsc1103809. - CVE-2018-12470: SQL injection in...

CVSS 9.8 · AI score 9.8 · EPSS 0.01988
Exploits 0 · References 13

Github Security Blog
added 2018/10/16 7:54 p.m. · 46 views

Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework...

CVSS 7.5 · AI score 2.5 · EPSS 0.077
Exploits 0 · References 5 · Affected Software 1

OSV
added 2018/09/27 12:47 p.m. · 4 views

SUSE-SU-2018:2899-1 Security update for smt

This update for smt to 2.0.34 fixes the following issues: These security issues were fixed: - CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read bsc1103809 - CVE-2018-12470: SQL injection in RegistrationSharing module allows remot...

CVSS 9.8 · AI score 9.9 · EPSS 0.01988
Exploits 0 · References 9

OSV
added 2018/09/27 12:47 p.m. · 5 views

SUSE-SU-2018:2898-1 Security update for smt, yast2-smt

This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues: These security issues were fixed in SMT: - CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read bsc1103809. - CVE-2018-12470: SQL injection in...

CVSS 9.8 · AI score 9.8 · EPSS 0.01988
Exploits 0 · References 13

OSV
added 2018/09/25 12:29 a.m. · 3 views

ALPINE-CVE-2018-14647

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

CVSS 7.5 · AI score 6.8 · EPSS 0.10911
Exploits 0 · References 1

Exploit DB
added 2018/08/02 12:0 a.m. · 40 views

Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection

Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing. Reserved CVE: CVE-2018-13416. Vulnerability Overview: The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Unauthenticated attackers on the same L...

CVSS 9.8 · AI score 9.6 · EPSS 0.20185
Exploits 5

NVD
added 2018/07/27 6:29 p.m. · 16 views

CVE-2017-2640

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process...

CVSS 9.8 · AI score 7.9 · EPSS 0.06258
Exploits 0 · References 5

OSV
added 2018/07/27 6:29 p.m. · 23 views

CVE-2017-2640

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process...

CVSS 9.8 · AI score 7.5 · EPSS 0.06258
Exploits 0 · References 5

CVE
added 2018/07/27 6:0 p.m. · 111 views

CVE-2017-2640

CVE-2017-2640 affects Pidgin/libpurple prior to 2.12.0. An out-of-bounds write in parsing XML content (e.g., via invalid XML entities) can allow a remote server to crash the client or, in some cases, execute arbitrary code. Upstream fixes/advise upgrading to 2.12.0 or newer (e.g., libpurple 2.12....

CVSS 9.8 · AI score 9.5 · EPSS 0.06258
Exploits 0 · References 5 · Affected Software 1

Debian CVE
added 2018/07/27 6:0 p.m. · 24 views

CVE-2017-2640

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process...

CVSS 9.8 · AI score 8.2 · EPSS 0.06258
Exploits 0

Veracode
added 2018/07/05 2:32 a.m. · 26 views

Denial Of Service (DoS)

.NET Core is vulnerable to denial of service (DoS). This is due to the way .NET applications process XML documents which could lead to a denial of service condition when specially crafted requests are submitted. This CVE is different from CVE-2018-0765...

CVSS 7.5 · AI score 7.2 · EPSS 0.08885
Exploits 0 · References 6 · Affected Software 10

RedHat Linux
added 2018/06/25 2:57 p.m. · 3 views

OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVSS 5.3 · AI score 7.1 · EPSS 0.15528
Exploits 0 · References 4