40 matches found
EUVD-2025-202944
Malicious code in gfruitmaliciousxmlparser npm...
EUVD-2021-2144
Malware in sbrugna...
CVE-2024-56356
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack...
CVE-2024-56356
JetBrains TeamCity prior to 2024.12 is affected by an insecure XMLParser configuration that may permit XXE attacks. The root cause is improper handling of external entities in XML parsing, as described in multiple sources (including PT-2024-9791 and Red Hat). Impact is potential data exposure via...
PT-2024-9791 · Jetbrains · Jetbrains Teamcity +1
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.12 Description: The issue is related to the XMLParser component in the JetBrains TeamCity system, which has an incorrect restriction on XML links to external objects. This can allow a remote attacker ...
GHSA-32R8-54HF-C9P3 unstructured XML External Entity (XXE)
unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser...
CVE-2024-46455
CVE-2024-46455 affects the Unstructured library: unstructured v0.14.2 and earlier are vulnerable to XML External Entity (XXE) via the XMLParser. Root cause is XXE processing in XMLParser, enabling an attacker to exploit XML parsing. Impact is reported as high/critical in CVSS metrics (9.8, Confid...
Eclipse Jetty XXE Vulnerability (GHSA-58qw-p7qm-5rvh) - Windows
Eclipse Jetty is prone to an XML external entity (XXE) vulnerability in the XMLParser. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Eclipse Jetty XXE Vulnerability (GHSA-58qw-p7qm-5rvh) - Linux
Eclipse Jetty is prone to an XML external entity (XXE) vulnerability in the XMLParser. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Design/Logic Flaw
fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution...
XML External Entity (XXE) Injection
jetty-xml is vulnerable to XML External Entity (XXE) Injection. The vulnerability exists because the XmlParser function of XmlParser.java does not sanitize the DOCTYPE declaration, which allows an attacker to inject maliciously crafted XML. Note that it is the vendor's position that an attacker woul...
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations
From the reporter: XmlParser is vulnerable to XML external entity (XXE) vulnerability. XmlParser is being used when parsing Jetty’s xml configuration files. An attacker might exploit this vulnerability in order to achieve SSRF or cause a denial of service. One possible scenario is importing a remote...
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
Impact: As a part of this vulnerability, user was able to se code using __proto__ as a tag or attribute name. const { XMLParser, XMLBuilder, XMLValidator } = require("fast-xml-parser"); let XMLdata = "hacked" const parser = new XMLParser(); let jObj = parser.parse(XMLdata); console.log(jObj.polluted) // should...
Windows sxs!CNodeFactory::XMLParser_Element_doc_assembly_assemblyIdentity Heap Buffer Overflow
Windows: Heap buffer overflow in sxs!CNodeFactory::XMLParser_Element_doc_assembly_assemblyIdentity SUMMARY A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges. VULNERABILITY DETAILS In 2020, Proje...
OESA-2022-1696 openjdk-11 security update
The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and...
GHSA-3448-VRGH-85XR NULL Pointer Dereference in OpenCV.
An issue was discovered in OpenCV before 4.1.1 (OpenCV-Python before 4.1.1.26). There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp...