14 matches found
EUVD-2021-9163
Malicious code in bioql PyPI...
PT-2024-6096
Name of the Vulnerable Software and Affected Versions: libexpat versions prior to 2.6.3. Description: The issue is related to a problem in the libexpat library, which is used for parsing XML files. It is caused by the library's failure to properly restrict references to external XML entities. This c...
Medium: php
Issue Overview: A flaw was found in php. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup Language (XML) entity. A special character could allow an attacker to traverse directories. The highest threat from this vulnerability is confidentiality...
SUSE CVE-2013-6461
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits...
CVE-2021-21992
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...
CVE-2021-21992
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...
Denial of service
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...
CVE-2021-21992
CVE-2021-21992 describes a denial-of-service vulnerability in VMware vCenter Server caused by improper XML entity parsing. An attacker with non-administrative access to the vCenter HTML5/vSphere Web Client could trigger a DoS on the vCenter host. Affected product: VMware vCenter Server (and Cloud...
CVE-2021-21992
The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A malicious actor with non-administrative user access to the vCenter Server vSphere Client HTML5 or vCenter Server vSphere Web Client FLEX/Flash may exploit this issue to create a denial-of-service...
CVE-2020-0765
An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity, aka 'Remote Desktop Connection Manager Information Disclosure Vulnerability'...
Gentoo Security Advisory GLSA 201405-14
Gentoo Linux Local Security Checks GLSA 201405-14. SPDX-FileCopyrightText: 2015 Eero Volotinen. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
GLSA-201405-14 : Ruby OpenID: Denial of Service
The remote host is affected by the vulnerability described in GLSA-201405-14 (Ruby OpenID: Denial of Service). An XML entity parsing error has been discovered in Ruby OpenID. Impact: A remote attacker could send a specially crafted XML file, possibly resulting in a Denial of Service condition...
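Nixu NameSurfer Multiple Security Vulnerabilities
CVE ID: CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066. Nixu NameSurfer is an IPAM software application solution that provides a centralized address management overlay. Nixu NameSurfer contains multiple security vulnerabilities: 1. Some input is not filtered before use, allowing an attacker to inject malicious script or HTML code; when the malicious data is viewed, sensitive information can be obtained or user sessions hijacked. 2. An error exists when parsing XML entities, allowing an attacker to use a specially crafted XML document containing external entity references to obtain local resource data or consume server resources...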
QtCore: Denial of service
Background: The Qt toolkit is a comprehensive C++ application development framework. Description: A vulnerability in QXmlSimpleReader's XML entity parsing has been discovered. Impact: A remote attacker could entice a user to open a specially crafted XML file using an application linked against QtCor...