EUVD-2018-1312

Malware in sbrugna...

PT-2025-18085 · Devexpress · Devexpress

Name of the Vulnerable Software and Affected Versions: DevExpress versions prior to 23.1.3 Description: The issue concerns a data-source protection mechanism bypass during the deserialization of XML data. This means that the normal protections in place to safeguard data sources can be circumvente...

CVE-2015-7461

XML external entity XXE vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service memory consumption via crafted XML data. IBM X-Force ID: 108357...

MGASA-2018-0050 Updated libxml2 packages fix security vulnerability

Integer overflow in memory debug code in libxml2 before 2.9.5 CVE-2017-5130. It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service CVE-2017-15412...

Ametys CMS 3.5.2 - 'lang' XPath Injection

Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor: Anyware Services Product web page: http://www.ametys.org Download: http://www.ametys.org/en/download/ametys-cms.html Affected version: 3.5.2 and 3.5.1 Summary: Ametys is a Java-based open source CMS combining rich content with ...