343 matches found
PT-2024-32663 · SAP SE · SAP NetWeaver AS Java
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to missing validation of XML input, which allows an unauthenticated attacker to send malicious input to an endpoint. This leads to ...
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2024-2725)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...
EulerOS 2.0 SP11 : python-lxml (EulerOS-SA-2024-2565)
According to the versions of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: An XML External Entity (XXE) vulnerability in the ebookmeta.getmetadata function of lxml before v4.9.1 allows attackers to access sensitive...
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2024-2591)
The remote host is missing an update for the Huawei EulerOS...
XML External Entity (XXE)
kimai/kimai is vulnerable to XML External Entity (XXE). The vulnerability is due to improper handling of XML input, specifically failing to securely process external entities within XML documents, allowing an attacker to inject malicious XML content...
Local File Bypass
phpoffice/phpspreadsheet is vulnerable to Local File Bypass. The vulnerability is due to improper validation and handling of XML input within XmlScanner.php, which allows attackers to exploit XXE to access local file contents...
CVE-2024-41881
SDoP versions prior to 1.11 fail to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted XML file, arbitrary code may be executed on the user's environme...
XML Entity Expansion (XXE)
ebookmeta is vulnerable to an XML External Entity (XXE) vulnerability. The vulnerability is due to improper handling of crafted XML input via the lxml dependency in the ebookmeta.getmetadata function, allowing attackers to access sensitive information or cause a Denial of Service (DoS)...
XML Entity Expansion (XXE)
ebookmeta is vulnerable to an XML External Entity (XXE) vulnerability. The vulnerability is due to improper handling of crafted XML input in the ebookmeta.getmetadata function, allowing attackers to access sensitive information or cause a Denial of Service (DoS)...
ebookmeta XML External Entity vulnerability
An XML External Entity (XXE) vulnerability in the ebookmeta.getmetadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input...
ebookmeta XML External Entity vulnerability
An XML External Entity (XXE) vulnerability in the ebookmeta.getmetadata function via lxml dependency allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input...
GHSA-WHF4-FPJ8-PGG8 ebookmeta XML External Entity vulnerability
An XML External Entity (XXE) vulnerability in the ebookmeta.getmetadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input...
CVE-2024-37388
An XML External Entity (XXE) vulnerability in the ebookmeta.getmetadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input...
CVE-2024-36827
An XML External Entity (XXE) vulnerability in the ebookmeta.getmetadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input...
PYSEC-2024-76
An XML External Entity (XXE) vulnerability in the ebookmeta.getmetadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input...