EUVD-2016-2932

Malware in sbrugna...

EUVD-2011-1756

Malware in sbrugna...

CVE-2020-2092

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...

CVE-2019-20343

The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...

libxml2: Use-After-Free in libxml2

A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema...

CVE-2024-56171

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...

Ubuntu 14.04 LTS / 16.04 LTS : XStream vulnerabilities (USN-6978-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6978-1 advisory. It was discovered that XStream incorrectly handled parsing of certain crafted XML documents. A remote attacker could possibly use this issue ...

EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2024-1803)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude...

EulerOS 2.0 SP12 : libxml2 (EulerOS-SA-2024-1744)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude...

CVE-2024-25062

A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. Mitigation Mitigation for this issue is either not available or the currently...

CVE-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

CVE-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

CVE-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

CVE-2020-2092

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...

CVE-2020-2092

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...

Red Hat JBoss Core Services libxml2 Denial of Service Vulnerability (CNVD-2018-15905)

Red hat JBoss Core Services is the United States Red Hat Red Hat, Inc. provides a variety of intermediate section of the tool set. libxml2 is the GNOME project team developed a C-based language used to parse XML documents library, which supports a variety of encoding formats, Xpath parsing,...

DEBIAN-CVE-2016-1839

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

Design/Logic Flaw

Multiple use-after-free vulnerabilities in the 1 htmlPArsePubidLiteral and 2 htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a...

Debian DLA-88-1 : ruby1.8 security update

This update fixes multiple local and remote denial of service and remote code execute problems : CVE-2011-0188 Properly allocate memory, to prevent arbitrary code execution or application crash. Reported by Drew Yao. CVE-2011-2686 Reinitialize the random seed when forking to prevent CVE-2003-0900...

openSUSE Security Update : castor (openSUSE-SU-2014:0822-1)

castor was updated to prevent XXE attacks via crafted XML documents CVE-2014-3004. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-435. The text description of this plugin is C...