190 matches found
Design/Logic Flaw
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array that enables a remote attack via a crafted XML document...
XML Injection in ReportLab
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
Improper Input Validation in Apache Santuario XML Security
Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document...
Improper Restriction of XML External Entity Reference in Castor
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...
CVE-2022-24449
Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document...
Server side request forgery (ssrf)
Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document...
The vulnerability in the parser.c component of the Libxml2 library, related to pointer dereferencing errors, allows attackers to trigger a denial-of-service attack.
The vulnerability of the parser.c component in the Libxml2 library is related to the lack of error handling during the analysis of XML content. Exploiting this vulnerability allows a malicious actor to cause service failures by using a specially created XML document...
CVE-2021-20838
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity XXE attack to cause a denial of service DoS condition by processing a specially crafted XML document...
Sutou Kouhei rexml 安全漏洞
Sutou Kouhei rexml is a Sutou Kouhei open source application . Support for tree and stream document parsing . REXML security vulnerability , the vulnerability stems from parsing and serializing a carefully crafted XML document , may create a structure different from the original document with the...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service DoS. The vulnerability exists when used in recover mode, allows remote attackers to cause a denial of service NULL pointer dereference via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option whic...
Amazon Linux 2 : python-reportlab (ALAS-2020-1390)
The version of python-reportlab installed on the remote host is prior to 2.5-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1390 advisory. ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted X...
CVE-2015-1811
XML external entity XXE vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document...
Code injection
The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...
CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
PYSEC-2019-117
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
UBUNTU-CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
PYSEC-2019-47
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
SUSE SLES12 Security Update : python3 (SUSE-SU-2019:2053-2)
This update for python3 fixes the following issues : CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 bsc1138459. CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document bsc1109847. CVE-2018-1000802: Fixed a comma...