12 matches found
XML Entity Expansion (Billion Laughs)
Overview: Affected versions of this package are vulnerable to XML Entity Expansion (Billion Laughs) when parsing custom XML entities in DOCTYPE. An attacker can cause the application to consume excessive memory by submitting malicious SVG files containing recursive entity references. Workaround F...
USN-7368-1: SnakeYAML vulnerability
It was discovered that SnakeYAML incorrectly handled recursive entity references. An attacker could possibly use this issue to cause SnakeYAML to crash, resulting in a denial of service...
libexpat security vulnerability
libexpat is a streaming XML parser written in C by the libexpat team. A security vulnerability exists in libexpat that stems from a potential stack overflow when processing recursive entity extensions in XML documents, which could result in a denial of service or memory corruption...
PT-2025-7267 · Weeek · Weeek
Name of the Vulnerable Software and Affected Versions: WEEEK affected versions not specified Description: The issue is related to improper restriction of recursive entity references in the DTD of a task and project management service. This could allow a remote attacker to cause a denial of servic...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) via the GMLASReader class due to improper entity expansion restrictions. Exploiting this vulnerability is possible when parsing specially crafted XML files with recursive entity definitions. Details Denial of Servi...
DEBIAN-CVE-2022-0217
It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpa...
GHSA-GP6M-VQHM-5CM5 XML2Dict XML Entity Expansion Vulnerability
XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service. The parse function does not properly restrict recursive entity references...
OracleVM 2.1 : libxml2 (OVMSA-2009-0018)
The remote OracleVM system is missing necessary patches to address critical security updates : - Add bug347316.patch to backport fix for bug347316 from upstream version - Add libxml2-enterprise.patch and update logos in tarball - Fix a couple of crash CVE-2009-2414, CVE-2009-2416 - Resolves:...
libxml2: denial of service via recursive entity expansion
A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption denial of service bas...
Ubuntu Update for libxml2 vulnerability USN-640-1
Ubuntu Update for Linux kernel vulnerabilities USN-640-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6401.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for libxml2 vulnerability USN-640-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
ruby: DoS vulnerability in the REXML module
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."...
libxml2 security update
2.6.26-2.1.2.3.0.1 - Add libxml2-enterprise.patch and update logos in tarball 2.6.26-2.1.2.3 - Patch to fix recursive entities handling CVE-2008-3281 - Resolves: rhbz458095...