8 matches found
CVE-2022-0217
It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpa...
XXE
It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpa...
CVE-2022-0217
CVE-2022-0217 concerns an internal Prosody XML-loading library that uses libexpat. The issue is that not all XML features were properly restricted, enabling potential recursion expansion of entity references in DTDs (CWE-776) and, depending on the libexpat version, possible injections via XML Ext...
CVE-2022-0217
It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpa...
CVE-2022-0217
It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpa...
Siemens Mendix Excel Importer
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Excel Importer Module Vulnerability: XML Entity Expansion 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise the...
FreeBSD : Prosody XMPP server advisory 2022-01-13 (e3ec8b30-757b-11ec-922f-654747404482)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e3ec8b30-757b-11ec-922f-654747404482 advisory. - It was discovered that an internal Prosody library to load XML based on libexpat does not properly...
openSUSE 15 Security Update : prosody (openSUSE-SU-2022:0012-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2022:0012-1 advisory. - It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML...