343 matches found
DEBIAN-CVE-2022-41966
XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service, solely by manipulating the processed input stream. The attack uses the hash code implementation for...
MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS)
DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input...
CVE-2022-37189
DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input...
SAP Business One Denial of Service Vulnerability
SAP Business One is a set of enterprise management software from SAP. The software includes functions such as financial management, operations management and human resource management. A denial-of-service vulnerability exists in SAP Business One version 10.0, which stems from improper input clean...
CVE-2022-35168
Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative...
Input validation
Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative...
XML External Entity (XXE)
xmlbeans is vulnerable to XML External Entity attacks. The vulnerability exists due to the lack of sanitization of XML input containing a reference to an external entity which is processed by a weakly configured XML parser allowing an attacker to exhaust the system resource via recursive external...
CVE-2021-42860
A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. NOTE: it is unclear whether this input is allowed by the API specification...
Mini-XML Security Vulnerability
Mini-XML (mxml) is a small XML parser written in C. A security vulnerability exists in Mini-XML v3.2, which stems from a stack buffer overflow in mxml_string_getc:2611 when feeding an unformatted XML string into the mxmlLoadString API...
AlmaLinux 8 : expat (ALSA-2020:4484)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4484 advisory. - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount o...
Antenna House Office Server Document Converter Code Issue Vulnerability
Antenna House Office Server Document Converter (OSDC) is an office server document converter from Antenna House USA. It is used to batch convert Word, Excel and PowerPoint files into high-quality PDF or image formats that are easy to share and look accurate on any screen. A code issue vulnerability exist...
NewStart CGSL CORE 5.05 / MAIN 5.05 : expat Multiple Vulnerabilities (NS-SA-2021-0175)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has expat packages installed that are affected by multiple vulnerabilities: - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amoun...
UBUNTU-CVE-2021-42260
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service...
Prototype Pollution
Overview: body-parser-xml is an XML parser middleware for express.js. Affected versions of this package are vulnerable to Prototype Pollution. The prototype of req.body can be polluted. PoC: const express = require('express'); const bodyParser = require('body-parser'); require('body-parser-xml')(bodyParser...
USN-5061-1: Scilab vulnerabilities
It was discovered that Scilab did not properly sanitize XML inputs. An attacker could use a crafted XML file to cause a denial of service or possibly execute arbitrary code...
CVE-2021-39139
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of th...
Misinterpretation of malicious XML input
Overview. Impact: xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches: Update to 0.7.0, see issue 271 for the stat...
GHSA-5FG8-2547-MR8Q Misinterpretation of malicious XML input
Impact: xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches: Update to one of the fixed versions of @xmldom/xmld...