12 matches found
Moderate: expat security update
Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat (CVE-2024-8176). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to th...
CVE-2024-47582 XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA
Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint, which leads to an XML Entity Expansion attack. This causes limited impact on availability of the application...
YamlBeans Code Issue Vulnerability
YamlBeans is an open source library from Esoteric Software. It makes it easy to serialize and deserialize Java object graphs to and from YAML. A security vulnerability exists in Esoteric Software YamlBeans 1.15 and earlier versions, which stems from the ability of a carefully crafted YAML document to perform an XML entity expansion...
OPENSUSE-SU-2021:1876-1 Security update for snakeyaml
This update for snakeyaml fixes the following issues: - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation bsc1159488, bsc1186088...
SUSE-SU-2021:1979-1 Security update for snakeyaml
This update for snakeyaml fixes the following issues: - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation bsc1159488, bsc1186088...
SUSE-SU-2021:1876-1 Security update for snakeyaml
This update for snakeyaml fixes the following issues: - Upgrade to 1.28 - CVE-2017-18640: The Alias feature allows entity expansion during a load operation bsc1159488, bsc1186088...
CentOS 8 : qt5-qtbase and qt5-qtwebsockets (CESA-2020:4690)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4690 advisory. - qt: XML entity expansion vulnerability CVE-2015-9541 - qt5-qtwebsockets: websocket implementation allows only limited size for frames and messages...
CVE-2018-11761
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack...
IBM Rational DOORS Next Generation and Rational Requirements Composer Denial of Service Vulnerabilities
IBM Rational DOORS Next Generation and Rational Requirements Composer are both requirements management solutions from IBM USA. The solutions are primarily used to define, manage, and report on requirements throughout the project lifecycle. A security vulnerability exists in the XML parser of IBM...
CVE-2013-3860
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity Expansion Vulnerability."...
Design/Logic Flaw
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity Expansion Vulnerability."...
CVE-2013-3860
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity Expansion Vulnerability."...