327 matches found

OSV
added 2019/03/12 12:0 a.m. | 2 views

UBUNTU-CVE-2019-9628

The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected...

7.5 CVSS | 6.8 AI score | 0.00798 EPSS
Exploits: 0 | References: 6

Veracode
added 2019/01/15 9:1 a.m. | 32 views

Denial Of Service

PostgreSQL is vulnerable to a denial of service (DoS) attack. The lack of a proper enumrecv function declaration in backend/utils/adt/enum.c causes an array index error, leading to a heap-based out-of-bounds buffer read flaw. Therefore, an unprivileged database user...

6.8 CVSS | 6.4 AI score | 0.03659 EPSS
Exploits: 0 | References: 24 | Affected Software: 2

Veracode
added 2019/01/15 8:58 a.m. | 38 views

Denial Of Service (DoS)

libxml2 is vulnerable to denial of service (DoS) attacks. The vulnerability exists as libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references ...

4.3 CVSS | 7.5 AI score | 0.00672 EPSS
Exploits: 0 | References: 14 | Affected Software: 1

Oracle Linux
added 2018/11/05 12:0 a.m. | 515 views

jasper security update

1.900.1-33 - remove implicit declaration of jaseprintf 1585830 1.900.1-32 - Fix CVE-2016-9396 1583721 - Fix CVE-2017-1000050 1585830...

7.5 CVSS | 2 AI score | 0.04577 EPSS
Exploits: 0

Github Security Blog
added 2018/10/19 4:39 p.m. | 22 views

Moderate severity vulnerability that affects com.adobe.xmp:xmpcore

XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...

7.5 CVSS | 6.7 AI score | 0.00682 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2018/10/18 4:56 p.m. | 0 views

GHSA-W3GH-G32M-CVHR High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

7.5 CVSS | 7.1 AI score | 0.50435 EPSS
Exploits: 0 | References: 12

Github Security Blog
added 2018/10/16 11:13 p.m. | 29 views

Apache Camel's XSLT component allows remote attackers to read arbitrary files

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External...

7.5 CVSS | 9.1 AI score | 0.28739 EPSS
Exploits: 2 | References: 14 | Affected Software: 1

OSV
added 2018/10/09 11:3 a.m. | 6 views

SUSE-RU-2018:3087-1 Recommended update for tcpdump

This update for tcpdump provides the following fix: - The original fix for CVE-2016-7975 was using a variable before declaring it. Fix this by moving the declaration before any usage. bsc1094241, CVE-2016-7975...

9.8 CVSS | 9.4 AI score | 0.00925 EPSS
Exploits: 0 | References: 3

Veracode
added 2018/09/05 3:9 a.m. | 6 views

XML External Entity (XXE)

pmml-model is vulnerable to XML external entity attacks. The doctype declaration is not disabled in the XML Reader which would potentially allow attackers to retrieve confidential data, perform server side request forgery or cause a denial of service condition...

6.7 AI score
Exploits: 0

Github Security Blog
added 2018/07/23 7:50 p.m. | 25 views

feedparser denial of service vulnerability

feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration...

5 CVSS | 6.1 AI score | 0.02418 EPSS
Exploits: 1 | References: 12 | Affected Software: 1

seebug.org
added 2018/07/09 12:0 a.m. | 186 views

Aurora IDEX Membership(IDXM), ERC20 Token, allows attackers to acquire contract ownership (CVE-2018–10666)

Abstract I found a new vulnerability in smart contract of IDXM Token CVE-2018–106661. Attackers can acquire contract ownership because the setOwner function is declared as public. A new owner can subsequently bypass intended access restrictions by, for example, calling uploadBalances. Details In...

3.1 AI score | 0.00237 EPSS
Exploits: 1

CNVD
added 2018/05/18 12:0 a.m. | 3 views

Foxit Reader Arbitrary Code Execution Vulnerability (CNVD-2018-10555)

Foxit Reader is a PDF document reader from China's Foxit Software Corporation. A security vulnerability exists in the parsing of the U3D Clod Progressive Mesh Declaration framework in Foxit Reader version 9.0.0.29935, which is caused by the program failing to properly validate user-submitted...

8.8 CVSS | 7.6 AI score | 0.0045 EPSS
Exploits: 0 | References: 1

Cvelist
added 2018/05/17 3:0 p.m. | 18 views

CVE-2018-10489

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.9 AI score | 0.0045 EPSS
Exploits: 0 | References: 2

Veracode
added 2018/04/27 4:10 a.m. | 20 views

XML External Entity (XXE)

uimaj is vulnerable to XML External Entity (XXE) attacks. The library does not disable document type declaration by default, allowing a malicious user to pass an XML file that can lead to arbitrary code execution or information disclosure...

6.5 CVSS | 7.1 AI score | 0.00779 EPSS
Exploits: 0 | References: 3 | Affected Software: 4

RedhatCVE
added 2018/04/20 1:18 a.m. | 34 views

CVE-2017-0366

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw that allows evading the SVG filter using default attribute values in a DTD declaration...

5.4 CVSS | 4 AI score | 0.00387 EPSS
Exploits: 1 | References: 1

Prion
added 2018/04/13 4:29 p.m. | 18 views

Design/Logic Flaw

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw that allows evading the SVG filter using default attribute values in a DTD declaration...

4 CVSS | 5.5 AI score | 0.00387 EPSS
Exploits: 1 | References: 3 | Affected Software: 2

OSV
added 2018/04/13 4:29 p.m. | 1 views

DEBIAN-CVE-2017-0366

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw that allows evading the SVG filter using default attribute values in a DTD declaration...

5.4 CVSS | 6.9 AI score | 0.00387 EPSS
Exploits: 1 | References: 1

Veracode
added 2018/04/11 7:1 a.m. | 43 views

XML External Entity (XXE)

libxml2 is vulnerable to XML External Entity (XXE) attacks. The library does not disable document type declaration by default, allowing a malicious user to pass a file that can lead to arbitrary code execution or information disclosure...

9.8 CVSS | 9.4 AI score | 0.00443 EPSS
Exploits: 0 | References: 8 | Affected Software: 2

CNVD
added 2018/01/15 12:0 a.m. | 3 views

Shibboleth for Windows Shibboleth Service Provider Shibboleth XMLTooling-C Information Disclosure Vulnerability

Shibboleth for Windows is an open source SAML-based Web Single Sign-On system for Windows from Shibboleth, UK. Shibboleth Service Provider (SP) is one of the service provider components. Shibboleth XMLTooling-C is one of the...

6.5 CVSS | 6.6 AI score | 0.00779 EPSS
Exploits: 2 | References: 1

Veracode
added 2017/12/01 8:29 a.m. | 16 views

XML External Entity (XXE)

Adobe xmpcore is vulnerable to XML external entity (XXE) attacks. The attacks are possible because it does not properly handle the XML data containing an external entity declaration in conjunction with an entity reference, allowing users to read arbitrary files...

7.5 CVSS | 7.3 AI score | 0.00682 EPSS
Exploits: 0 | References: 2 | Affected Software: 1