GHSA-432C-WXPG-M4Q3 xml2rfc has file inclusion irregularities

Version 3.12.0 changed xml2rfc so that it would not access local files without the presence of its new --allow-local-file-access flag. This prevented XML External Entity XXE injection attacks with xinclude and XML entity references. It was discovered that xml2rfc does not respect...

PT-2023-2955 · Unknown · Opc Factory Server

Name of the Vulnerable Software and Affected Versions: OPC Factory Server affected versions not specified Description: The issue is related to improper restriction of XML external entity references, which could allow a remote attacker to gain unauthorized read access to the file system. This can...

Denial Of Service (DoS) Memory Consumption, Arbitrary Code Execution And Object-injection Attacks

activesupport/coreext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...

nori contains Improper Input Validation

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involving...

Improper Input Validation in multi_xml

multixml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involvin...

CVE-2013-0285

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involving...

SuSE 11.1 Security Update : PostgreSQL (SAT Patch Number 6697)

This update provides PostgreSQL 8.3.20. As part of this update, the packaging scheme has been changed to accomodate an optional parallel installation of newer PostgreSQL versions. The changes in 8.3.20 are : - Prevent access to external files/URLs via XML entity references. xmlparse would attempt...

CVE-2013-0156

activesupport/coreext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...

Type confusion

activesupport/coreext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...

CVE-2013-0156

activesupport/coreext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...

CVE-2013-0156

activesupport/coreext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...

CVE-2013-0156

CVE-2013-0156 is a vulnerability in Ruby on Rails where active_support/core_ext/hash/conversions.rb fails to restrict casts of string values, enabling object-injection that can lead to remote code execution or a DoS via nested XML entities. Affected are Rails before 2.3.15, 3.0.x before 3.0.19, 3...

Mandriva Update for postgresql MDVSA-2012:139 (postgresql)

Check for the Version of postgresql OpenVAS Vulnerability Test Mandriva Update for postgresql MDVSA-2012:139 postgresql Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

CVE-2011-1755

jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564...