19 matches found
CLSA-2026-1776861173 python3: Fix of CVE-2022-48565
CVE-2022-48565: plistlib: reject XML entity declarations in plist files to prevent XXE attacks...
BIT-LIBPYTHON-2022-48565
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...
CLSA-2023-1696880318 python2: Fix of CVE-2022-48565
CVE-2022-48565: Reject XML entity declarations in plist files...
CLSA-2023-1696878189 python: Fix of CVE-2022-48565
CVE-2022-48565: Reject XML entity declarations in plist files...
CLSA-2023-1696878020 python: Fix of CVE-2022-48565
CVE-2022-48565: Reject XML entity declarations in plist files...
CLSA-2023-1696877835 python: Fix of CVE-2022-48565
CVE-2022-48565: Reject XML entity declarations in plist files...
CLSA-2023-1695834624 python3: Fix of 2 CVEs
CVE-2021-3177: Replace snprintf to prevent buffer overflow - CVE-2022-48565: Reject XML entity declarations in plist files...
Debian dla-3575 : idle-python2.7 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3575 advisory. Debian LTS Advisory DLA-3575-1...
CLSA-2023-1694538765 Fix CVE(s): CVE-2022-48565
SECURITY UPDATE: XML vulnerabilities in plist files - debian/patches/CVE-2022-48565.patch: Reject XML entity declarations in plist files - CVE-2022-48565...
SUSE CVE-2022-48565
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...
CVE-2016-1343
The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059...
Apple OS X XML Double Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XML...
IBM WebSphere Portal XML Parser Denial of Service Vulnerability
IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects the internal and external parts of an organization, allowing employees, customers and suppliers to access internal data through the platform. A security vulnerability exists in th...
CVE-2015-7941
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by...
Microsoft .NET Framework Directory Traversal Vulnerability
Microsoft .NET Framework is a popular software development toolkit. A directory traversal vulnerability in Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6 allows remote attackers to read arbitrary files by combining entity references with external entity declaratio...
MediaWiki Denial of Service Vulnerability (CNVD-2015-02419)
MediaWiki is a Wiki program. A security vulnerability exists in MediaWiki. When the program uses HHVM or Zend PHP, a remote attacker can exploit the vulnerability to cause a denial of service ('Quadratic Blowup' and memory corruption) via an XML file containing entity declarations and multiple enti...
CVE-2014-5265
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted...
CVE-2014-5265
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted...
CVE-2014-5265
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted...