54 matches found
Medium: thunderbird
Issue Overview: A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service...
EUVD-2023-2980
Malicious code in bioql PyPI...
MinIO Java Client XML Tag Value Substitution Vulnerability
Description In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including...
PT-2025-39921
Name of the Vulnerable Software and Affected Versions: MinIO Java SDK versions prior to 8.6.0. Description: The MinIO Java SDK is a client for performing bucket and object operations with Amazon S3 compatible object storage services. Versions prior to 8.6.0 improperly handle XML tag values containin...
CVE-2013-3506
cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes (SSI) functionality...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Scrapy vulnerabilities (USN-7476-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7476-1 advisory. It was discovered that Scrapy improperly exposed HTTP authentication credentials to request targets, including during...
CVE-2025-31487
CVE-2025-31487 affects the XWiki JIRA extension. If the JIRA macro is installed, a logged-in user could abuse the macro to trigger a request that returns XML containing a DOCTYPE with an XXE payload, potentially displaying contents of local files on the XWiki server (e.g., in fields like summ...
Security Bulletin: IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. (CVE-2024-28757)
Summary: IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. Vulnerability Details: CVEID: CVE-2024-28757 DESCRIPTION: libexpat could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE)...
CVE-2024-1892
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker...
CVE-2024-1892 ReDoS Vulnerability in scrapy/scrapy's XMLFeedSpider
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker...
Cloud Backup "Inner SQL exception in the service provider infrastructure"
The error documented in this article can occur due to various reasons. This article specifically addresses a single scenario related to the underlying SQL database engine used by the Veeam Cloud Service Provider. The log snippet provided in the 'Cause' section offers context to help confirm wheth...
Security Bulletin: Vulnerability found in dom4j-1.6.1.jar which is shipped with IBM® Intelligent Operations Center (CVE-2018-1000632)
Summary: A vulnerability has been identified in dom4j-1.6.1.jar, which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center has been published, and the applicable CVEs have been addressed. Vulnerability Details...
AIX : Multiple Vulnerabilities (IJ47630)
The version of AIX installed on the remote host is prior to APAR IJ47630. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ47630 advisory. - An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document,...
Configuration Restore Fails With: "2200N: invalid XML content DETAIL: buffer full"
Challenge: When performing a configuration restore or migration, the Restore process fails with the error: "2200N: invalid XML content DETAIL: buffer full Cannot read configuration backup". Cause: This error is caused by an underlying issue within PostgreSQL 15.1 and 15.2. PostgreSQL 15.1 was included...
CVE-2022-25314
An integer overflow flaw was found in expat. This issue affects the encoding name parameter at parser creation time, which is often hard-coded rather than user input; triggering it requires a value in the gigabytes and a 64-bit machine. This flaw can cause a denial of service. Mitigation There ...
CVE-2022-25315
An integer overflow was found in expat. The issue occurs in storeRawNames by abusing the mbuffer expansion logic to allow allocations very close to INTMAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution. Mitigation There is no known...
CVE-2022-25313
A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service. Mitigation There is no known mitigation other than restricting applications using the expat library from processing untrusted XML...
Security Bulletin: IBM Cloud Private is vulnerable to a Go vulnerability (CVE-2021-27919, CVE-2021-27918)
Summary: IBM Cloud Private is vulnerable to a Go vulnerability. Vulnerability Details: CVEID: CVE-2021-27919 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the Reader.Open API when using a ZIP archive containing files that start with "../". By persuading a victim to open a...
Security Bulletin: Dom4j XML Injection Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-1000632)
Summary: IBM Sterling B2B Integrator has addressed a Dom4j XML injection vulnerability. Vulnerability Details: CVEID: CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods. By sending a...