Memory corruption

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. The software does not release allocated memory properly...

CVE-2017-17289

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability. The software does not release allocated memory properly...

CVE-2017-17289

CVE-2017-17289 describes a memory-leak vulnerability in Huawei devices (e.g., DP300, RP200, TE/VM series) when processing XML data. The issue arises from failure to properly free allocated memory, enabling an authenticated, local attacker to repeatedly upload crafted XML files, potentially causin...

Nokogiri gem, via libxml, is affected by DoS vulnerabilities

The version of libxml2 packaged with Nokogiri contains a vulnerability. Nokogiri has mitigated these issue by upgrading to libxml 2.9.6. It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consum...

Nokogiri gem, via libxml, is affected by DoS vulnerabilities

The version of libxml2 packaged with Nokogiri contains a vulnerability. Nokogiri has mitigated these issue by upgrading to libxml 2.9.5. Wei Lei discovered that libxml2 incorrecty handled certain parameter entities. An attacker could use this issue with specially constructed XML data to cause...

Security Advisory - Memory Leak Vulnerability in Some Huawei Products

There is a memory leak vulnerability in several Huawei products. The software does not release allocated memory properly when handling XML data. An authenticated, local attacker could upload crafted XML file repeatedly to cause memory leak and service abnormal. Vulnerability ID: HWPSIRT-2017-0803...

CVE-2016-0219

XML external entity XXE vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693...

Xxe

XML external entity XXE vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693...

CVE-2016-0219

XML external entity XXE vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693...

CVE-2016-0219

XML external entity XXE vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693...

MGASA-2018-0050 Updated libxml2 packages fix security vulnerability

Integer overflow in memory debug code in libxml2 before 2.9.5 CVE-2017-5130. It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service CVE-2017-15412...

Xxe

XML external entity XXE vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data...

CVE-2014-3630

XML external entity XXE vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data...

CVE-2016-4216

XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

Security Advisory - Memory Leak Vulnerability in Several Huawei Products

There is a memory leak vulnerability in several Huawei products. The software does not release allocated memory properly when parse XML Schema data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory...

Security Advisory - Memory Leak Vulnerability in Several Huawei Products

There is a memory leak vulnerability in several Huawei products. The software does not release allocated memory properly when parse XML element data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory...

USN-3504-1: libxml2 vulnerability

Wei Lei discovered that libxml2 incorrecty handled certain parameter entities. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service...

XML External Entity (XXE)

Adobe xmpcore is vulnerable to XML external entity XXE attacks. The attacks are possible because it does not properly handle the XML data containing an external entity declaration in conjunction with an entity reference, allowing users to read arbitrary files...

Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution(CVE-2017-12629)

First Vulnerability: XML External Entity Expansion deftype=xmlparser Lucene includes a query parser that is able to create the full-spectrum of Lucene queries, using an XML data structure. Starting from version 5.1 Solr supports "xml" query parser in the search query. The problem is that lucene x...

Denial Of Service (DoS)

Xerces2-j aka Apache Xerces-J parser is vulnerable to denial of service DoS. The attack can be triggered when malicious XML data is passed to Apache Xerces-J parser and processed by the JRE...