
823 matches found

Github Security Blog
added 2018/08/08 10:31 p.m. | 39 views

Nokogiri vulnerable to libxml XML Entity Expansion

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack...

CVSS 5 | AI score 8.6 | EPSS 0.0634
Exploits 0 | References 26 | Affected software 1
OSV
added 2018/08/08 10:31 p.m. | 41 views

GHSA-Q7WX-62R7-J2X7 Nokogiri vulnerable to libxml XML Entity Expansion

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack...

CVSS 5 | AI score 6.4 | EPSS 0.0634
Exploits 0 | References 25
Veracode
added 2018/08/08 2:02 a.m. | 21 views

Denial Of Service (DoS)

libxml2 is vulnerable to denial of service attacks due to improper prevention of entity expansion in the xmlStringLenDecodeEntities function in parser.c. A context-dependent attacker is able to cause a denial of service by exhausting CPU using specially crafted XML data...

CVSS 7.1 | AI score 8.6 | EPSS 0.04537
Exploits 0 | References 27 | Affected software 1
Prion
added 2018/07/20 5:29 p.m. | 12 views

Xxe

XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data...

CVSS 6.8 | AI score 7.5 | EPSS 0.02055
Exploits 0 | References 2 | Affected software 1
Cvelist
added 2018/07/20 5:00 p.m. | 15 views

CVE-2014-2296

XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data...

AI score 8.9 | EPSS 0.02055
Exploits 0 | References 2
IBM Security Bulletins
added 2018/06/17 3:27 p.m. | 50 views

Security Bulletin: Multiple Expat XML Parser vulnerabilities in Prospect

Summary: There are multiple potential Expat XML parser vulnerabilities in Prospect Core 8.0.7 Server. Vulnerability Details: CVEID: CVE-2012-0876. DESCRIPTION: Expat is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending multiple...

CVSS 9.8 | AI score 0.6 | EPSS 0.13335
Exploits 3 | Affected software 1
IBM Security Bulletins
added 2018/06/17 1:09 p.m. | 48 views

Security Bulletin: Vulnerability in Apache Derby affects IBM Cúram Social Program Management (CVE-2015-1832)

Summary: IBM Cúram Social Program Management uses the Apache Derby library. Apache Derby could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by the XML datatype and XmlVTI. An attacker could exploit this vulnerability to...

CVSS 9.1 | AI score 0.8 | EPSS 0.12173
Exploits 0 | Affected software 1
IBM Security Bulletins
added 2018/06/17 4:51 a.m. | 32 views

Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-4002, CVE-2013-5825, CVE-2013-5372)

Summary: Previous releases of IBM Rational Automation Framework are affected by vulnerabilities in Java that may allow remote attackers to influence the availability of the Framework Server. Vulnerability Details: | Subscribe to My Notifications to be notified of important product support alert...

CVSS 7.1 | AI score 0.9 | EPSS 0.24738
Exploits 0 | Affected software 1
IBM Security Bulletins
added 2018/06/16 10:04 p.m. | 32 views

Security Bulletin: Apache POI as used in IBM QRadar SIEM is vulnerable to a denial of service. (CVE-2017-5644)

Summary: Open Source Apache POI Vulnerability. Vulnerability Details: CVEID: CVE-2017-5644. DESCRIPTION: Apache POI is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. By using a specially-crafted OOXML file, a remote attacker could...

CVSS 7.1 | AI score 0.8 | EPSS 0.04616
Exploits 0 | Affected software 1
IBM Security Bulletins
added 2018/06/16 9:43 p.m. | 21 views

Security Bulletin: IBM QRadar SIEM is vulnerable to untrusted XML External Entity uploads. (CVE-2016-2868)

Summary: XML External Entity injection in the UI of QRadar allows someone with privileges to upload unvalidated XML. Vulnerability Details: CVE-ID: CVE-2016-2868. Description: IBM QRadar could allow a remote attacker with administrator privileges to obtain sensitive information, caused by an error...

CVSS 4 | AI score 1.5 | EPSS 0.009
Exploits 0 | Affected software 1
IBM Security Bulletins
added 2018/06/16 7:40 p.m. | 29 views

Security Bulletin: JBoss RestEasy vulnerabilities in IBM Emptoris Contract Management (CVE-2014-3490)

Summary: JBoss RestEasy shipped with IBM Emptoris Contract Management is vulnerable to information disclosure. Vulnerability Details: CVE ID: CVE-2014-3490. DESCRIPTION: RESTEasy could allow a remote attacker to obtain sensitive information, caused by an incomplete fix related to the processing of X...

CVSS 7.5 | AI score 9.1 | EPSS 0.04572
Exploits 0 | Affected software 1
IBM Security Bulletins
added 2018/06/16 1:41 p.m. | 50 views

Security Bulletin: Vulnerability in Apache Taglibs affects IBM InfoSphere Information Server (CVE-2015-0254)

Summary: An Apache Taglibs vulnerability while processing XML data was addressed by IBM InfoSphere Information Server. Vulnerability Details: CVEID: CVE-2015-0254. DESCRIPTION: Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External...

CVSS 7.5 | AI score 1.6 | EPSS 0.1326
Exploits 0 | Affected software 1
IBM Security Bulletins
added 2018/06/15 11:13 p.m. | 39 views

Security Bulletin: Multiple security exposures in IBM Cognos BI Server (CVE-2013-6954, CVE-2013-6732, CVE-2013-5802, CVE-2013-5825, CVE-2014-0854, CVE-2014-0861)

Summary: IBM Cognos BI Server is affected by multiple security exposures. Vulnerability Details: CVE ID: CVE-2013-6954. DESCRIPTION: If an attacker is able to upload a specially-crafted image to the IBM Cognos BI Server and have the application process it, they may be able to cause the application t...

CVSS 7.5 | AI score 0.8 | EPSS 0.04692
Exploits 1 | Affected software 1
CNVD
added 2018/04/24 12:00 a.m. | 3 views

Geist WatchDog Console XML External Entity Injection Vulnerability

Geist WatchDog Console is a suite of environmental monitoring software from Geist USA. An XML external entity injection vulnerability exists in Geist WatchDog Console version 3.2.2. A remote attacker can exploit this vulnerability to read arbitrary files with specially crafted XML data...

CVSS 4.9 | AI score 7.3 | EPSS 0.08296
Exploits 5 | References 1
Prion
added 2018/04/20 9:29 p.m. | 14 views

Xxe

XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data...

CVSS 4 | AI score 5.5 | EPSS 0.08296
Exploits 5 | References 2 | Affected software 1
Prion
added 2018/04/20 9:29 p.m. | 16 views

Xxe

Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through...

CVSS 6.4 | AI score 7.1 | EPSS 0.0273
Exploits 0 | References 2 | Affected software 1
Prion
added 2018/04/20 9:29 p.m. | 19 views

Xxe

Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1....

CVSS 5.5 | AI score 7.1 | EPSS 0.01667
Exploits 0 | References 2 | Affected software 1
NVD
added 2018/04/20 9:29 p.m. | 18 views

CVE-2014-0931

Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through...

CVSS 9.1 | AI score 8.8 | EPSS 0.0273
Exploits 0 | References 2
CVE
added 2018/04/20 9:00 p.m. | 39 views

CVE-2014-0931

CVE-2014-0931 maps to multiple XXE vulnerabilities in IBM Rational ClearCase components: CCRC WAN Server/CM Server, Perl CC/CQ integration scripts, CMAPI Java interface, ClearCase remote client, and CMI/OSLC-based ClearQuest integrations. Affected product lines span IBM Rational ClearCase 7.0.x (...

CVSS 9.1 | AI score 8.8 | EPSS 0.0273
Exploits 0 | References 2 | Affected software 1
Cvelist
added 2018/04/20 9:00 p.m. | 17 views

CVE-2014-0950

Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1....

AI score 7 | EPSS 0.01667
Exploits 0 | References 2