31 matches found
ROS-20260420-73-0047
Vulnerability in incus related to character reference tracking. Exploitation of the vulnerability could allow an attacker to escalate his privileges...
OESA-2026-1282 tinyxml2 security update
TinyXML-2 is a simple, small, efficient, C++ XML parser that can be easily integrated into other programs. TinyXML-2 parses an XML document, and builds from that a Document Object Model DOM that can be read, modified, and saved. Security Fixes: TinyXML2 through 10.0.0 has a reachable assertion fo...
OESA-2026-1247 tinyxml2 security update
TinyXML-2 is a simple, small, efficient, C++ XML parser that can be easily integrated into other programs. TinyXML-2 parses an XML document, and builds from that a Document Object Model DOM that can be read, modified, and saved. Security Fixes: TinyXML2 through 10.0.0 has a reachable assertion fo...
EUVD-2009-3608
Malware in sbrugna...
TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.
...
TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.
...
SUSE CVE-2024-50615
TinyXML2 through 10.0.0 has a reachable assertion for UINTMAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef...
CVE-2024-49761
A flaw was found in the REXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...
CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-49761
CVE-2024-49761 affects the Ruby ecosystem via the REXML XML toolkit. The vulnerability exists in the REXML gem before 3.3.9, where parsing an XML containing hex numeric character references (&#x...;) with many digits can cause a ReDoS. Ruby 3.2+ is not affected; Ruby 3.1 is the affected maintaine...
CVE-2024-49761 REXML ReDoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-49761 REXML ReDoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
REXML ReDoS vulnerability
Impact The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on...
REXML ReDoS vulnerability
Impact The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on...
Improper Check or Handling of Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions due to the XMLUtil::GetCharacterRef function. An attacker can cause the application to exit unexpectedly by triggering a reachable assertion for UINTMAX/16. Remediation There is no...
Improper Check or Handling of Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions via to the XMLUtil::GetCharacterRef function. An attacker can cause the application to exit by triggering a reachable assertion for UINTMAX/digit. Remediation Upgrade tinyxml2 to...
AZL-51874 CVE-2024-50614 affecting package cppcheck 2.7-2
TinyXML2 through 10.0.0 has a reachable assertion for UINTMAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef...
AZL-51999 CVE-2024-50615 affecting package tinyxml2 for versions less than 9.0.0-2
TinyXML2 through 10.0.0 has a reachable assertion for UINTMAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef...
AZL-51887 CVE-2024-50614 affecting package cppcheck for versions less than 2.18.3-1
TinyXML2 through 10.0.0 has a reachable assertion for UINTMAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef...
UBUNTU-CVE-2024-50614
TinyXML2 through 10.0.0 has a reachable assertion for UINTMAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef...