24 matches found
EUVD-2011-1756
Malware in sbrugna...
EUVD-2016-2932
Malware in sbrugna...
CVE-2020-2092
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...
CVE-2019-20343
The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...
libxml2: Use-After-Free in libxml2
A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema...
CVE-2024-56171
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...
Ubuntu 14.04 LTS / 16.04 LTS : XStream vulnerabilities (USN-6978-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6978-1 advisory. It was discovered that XStream incorrectly handled parsing of certain crafted XML documents. A remote attacker could possibly use this issue ...
EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2024-1803)
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude...
EulerOS 2.0 SP12 : libxml2 (EulerOS-SA-2024-1744)
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude...
CVE-2024-25062
A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. Mitigation Mitigation for this issue is either not available or the currently...
CVE-2024-25062
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...
CVE-2024-25062
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...
CVE-2024-25062
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...
CVE-2020-2092
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...
CVE-2020-2092
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...
Red Hat JBoss Core Services libxml2 Denial of Service Vulnerability (CNVD-2018-15905)
Red hat JBoss Core Services is the United States Red Hat Red Hat, Inc. provides a variety of intermediate section of the tool set. libxml2 is the GNOME project team developed a C-based language used to parse XML documents library, which supports a variety of encoding formats, Xpath parsing,...
The vulnerability of the libxml2 library allows a attacker to trigger a service failure or read arbitrary files.
The vulnerability of the xmlSAX2ResolveEntity and xmlSetExternalEntityLoader functions in the libxml2 library is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service failures or read arbitrary files using a specially crafted XML...
Vulnerabilities of iOS and Mac OS X operating systems, allowing attackers to trigger service interruptions or execute arbitrary code
The vulnerability of the libxml2 library in iOS and Mac OS X operating systems arises due to buffer overflows. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely or cause a service failure memory corruption using a specially crafted XML document...
DEBIAN-CVE-2016-1839
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...
Design/Logic Flaw
Multiple use-after-free vulnerabilities in the 1 htmlPArsePubidLiteral and 2 htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a...