CVE-2019-13176

An issue was discovered in the 3CX Phone system web management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF reading local files, outbound HTTP, and outbound DNS...

Linux Distros Unpatched Vulnerability : CVE-2016-4658

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products does not forbid...

The vulnerability of the digital signature and XML encryption library for Node.js’ xml-crypto, related to improper verification of cryptographic signatures, allows attackers to forge digital signatures.

The vulnerability of the digital signature and encryption library for Node.js’ xml-crypto is related to improper validation of the cryptographic signature. Exploiting this vulnerability allows a malicious actor to forge digital signatures by inserting a newly created, specially crafted signature...

CVE-2016-2073

The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service out-of-bounds read via a crafted XML document...