34 matches found
CVE-2026-49235 Routinator crashes on specifically crafted RRDP XML files
When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...
EUVD-2017-6802
Malware in sbrugna...
EUVD-2012-1182
Malware in sbrugna...
EUVD-2018-0524
Malware in sbrugna...
EUVD-2023-27867
Malicious code in bioql PyPI...
CVE-2018-1000651
Stroom version 5.4.5 contains a XML External Entity XXE vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file...
Linux Distros Unpatched Vulnerability : CVE-2012-1148
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context- dependent attackers to cause a denial of service memory...
CVE-2023-51601
The CVE-2023-51601 entry describes a XXE vulnerability in Honeywell Saia PG5 Controls Suite involving the XML parser’s improper restriction of external entity references. A crafted XML/contacted document can cause the parser to access a URI and embed its contents, enabling an attacker to disclose...
The vulnerability of FortiWeb web applications’ network firewalls, caused by buffer overflows in the stack, allows attackers to execute arbitrary code.
The vulnerability of FortiWeb web applications’ network firewalls is caused by buffer overflow on the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially created XML files...
SUSE CVE-2021-31348
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlparsestr performs incorrect memory handling while parsing crafted XML files out-of-bounds read after a certain strcspn failure...
CVE-2022-47950
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...
CVE-2021-34706
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper handling...
CVE-2021-31598
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmldecode performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow...
Heap overflow
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmldecode performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow...
CVE-2021-31598
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmldecode performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow...
CVE-2021-31348
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlparsestr performs incorrect memory handling while parsing crafted XML files out-of-bounds read after a certain strcspn failure...
Design/Logic Flaw
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlparsestr performs incorrect memory handling while parsing crafted XML files writing outside a memory region created by mmap...
CVE-2021-31348
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlparsestr performs incorrect memory handling while parsing crafted XML files out-of-bounds read after a certain strcspn failure...
CVE-2021-31347
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlparsestr performs incorrect memory handling while parsing crafted XML files writing outside a memory region created by mmap...
CVE-2021-31347
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlparsestr performs incorrect memory handling while parsing crafted XML files writing outside a memory region created by mmap...