21 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-25128
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0...
Remote Code Execution (RCE)
org.lucee, lucee is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper XML entity processing in the Lucee REST endpoint, which allows an attacker to execute arbitrary code...
CVE-2023-51602
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
CVE-2023-42035 Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure Vulnerability
Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this...
Security Bulletin: Vulnerability in XML Entity Processing affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2016-8980)
Summary: The product does not disable external XML Entity Processing, which can lead to information disclosure and denial of service attacks. Vulnerability Details: CVEID: CVE-2016-8980 DESCRIPTION: IBM BigFix Inventory v9.x is vulnerable to a denial of service, caused by an XML External Entity...
SRC-2020-0031 : Microsoft Exchange Server EWS RouteComplaint ParseComplaintData XML External Entity Processing Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of RouteComplaint SOAP requests to the EWS service...
PT-2019-5029 · Mchange +4 · C3P0 +4
Name of the Vulnerable Software and Affected Versions: c3p0 versions prior to 0.9.5.4 Description: The issue is related to errors in processing XML entities in the ConfigXmlUtils function of the c3p0 library for JDBC drivers. This can be exploited by a remote attacker to cause a denial of service...
CVE-2016-9487 EpubCheck 4.0.1 is vulnerable to external XML entity processing attacks
EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf...
Critical: java-1.7.0-openjdk
Issue Overview: An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox...
[USN-2005-1] Cinder vulnerabilities
Ubuntu Security Notice USN-2005-1, October 23, 2013: cinder vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: -...
[USN-1734-1] OpenStack Nova vulnerability
Ubuntu Security Notice USN-1734-1, February 21, 2013: nova vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...
[USN-1730-1] OpenStack Keystone vulnerabilities
Ubuntu Security Notice USN-1730-1, February 20, 2013: keystone vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives:...
Ubuntu Update for cinder USN-1731-1
Check for the Version of cinder. OpenVAS Vulnerability Test $Id: gbubuntuUSN17311.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for cinder USN-1731-1. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software;...
Ubuntu: Security Advisory (USN-1731-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-1734-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-1730-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 11.10 / 12.04 LTS / 12.10 : nova vulnerability (USN-1734-1)
Joshua Harlow discovered that Nova would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Nova API to cause a denial of service via resource exhaustion. CVE-2013-1664. Note that Tenable Network Security has extracted the preceding description block...
USN-1731-1: OpenStack Cinder vulnerability
Stuart Stent discovered that Cinder would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Cinder API to cause a denial of service via resource exhaustion. CVE-2013-1664...
Ubuntu 12.04 LTS / 12.10 : keystone vulnerabilities (USN-1730-1)
Nathanael Burton discovered that Keystone did not properly verify disabled users. An authenticated but disabled user would continue to have access rights that were removed. CVE-2013-0282 Jonathan Murray discovered that Keystone would allow XML entity processing. A remote unauthenticated attacker...
Ubuntu 12.10 : cinder vulnerability (USN-1731-1)
Stuart Stent discovered that Cinder would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Cinder API to cause a denial of service via resource exhaustion. CVE-2013-1664. Note that Tenable Network Security has extracted the preceding description block...