RHEL 8 : expat (RHSA-2025:3913)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3913 advisory. Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat...

Debian: Security Advisory (DLA-723-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2015:0093-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-11216

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...

CVE-2019-11216

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...

Microsoft Office: Disable Smart Documents use of manifests

This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013documentmanifest.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Disable Smart Document's use of manifests Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net...

Debian DLA-723-1 : libsoap-lite-perl security update

It was discovered that there was a 'Billion Laughs' 0 XML expansion vulnerability in libsoap-lite-perl, a Perl implementation of a SOAP 1 client and server. For Debian 7 'Wheezy', this issue has been fixed in libsoap-lite-perl version 0.714-1+deb7u1. We recommend that you upgrade your...

[SECURITY] [DLA 723-1] libsoap-lite-perl security update

Package : libsoap-lite-perl Version : 0.714-1+deb7u1 CVE ID : CVE-2015-8978 It was discovered that there was a "Billion Laughs" 0 XML expansion vulnerability in libsoap-lite-perl, a Perl implementation of a SOAP 1 client and server. For Debian 7 "Wheezy", this issue has been fixed in...

DLA-723-1 libsoap-lite-perl - security update

Bulletin has no description...

CVE-2015-8978

In Soap Lite aka the SOAP::Lite extension for Perl 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copie...

openSUSE Security Update : ruby20 (openSUSE-SU-2015:0002-1)

This ruby update fixes the following two security issues : - bnc902851: fix CVE-2014-8080: Denial Of Service XML Expansion - bnc905326: fix CVE-2014-8090: Another Denial Of Service XML Expansion - Enable tests to run during the build. This way we can compare the results on different builds...

openSUSE Security Update : ruby19 (openSUSE-SU-2014:1589-1)

ruby19 was updated to fix two security issues. These security issues were fixed : - Denial Of Service XML Expansion CVE-2014-8080. - Denial Of Service XML Expansion CVE-2014-8090. Note: These are two separate issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

ruby: entity expansion DoS vulnerability in REXML

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack...

JBossWS remote Denial of Service

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterpris...