343 matches found
CVE-2018-20843
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing enough to be usable for denial-of-service attacks...
CVE-2018-20843
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing enough to be usable for denial-of-service attacks...
CVE-2018-18406
An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179Final. The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response...
High-Severity Bug Leaves Cisco TelePresence Gear Open to Attack
Cisco Systems has patched two high-severity vulnerabilities that can be exploited by remote unauthenticated adversaries to launch denial of service attacks. Impacted are Cisco’s TelePresence Video Communication Server and the company’s ASA 5500-X Series Firewalls. The vulnerability with the wides...
The vulnerability of XMLTooling’s XML file syntax analysis library lies in its improper handling of exceptions for incorrect XML declarations. This allows a malicious actor to trigger a service failure using a specially crafted XML structure.
The vulnerability of the XML parsing library XMLTooling is related to improper handling of exceptions for incorrect XML declarations. Exploiting this vulnerability can allow a malicious actor to cause service failures by using a specially crafted XML structure...
CVE-2019-1720
A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service DoS condition on an affected system. The vulnerability is due...
Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability
A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service DoS condition on an affected system. The...
GHSA-6V7W-535J-RQ5M Pivotal Spring Framework DoS Attack with XML Input
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...
Pivotal Spring Framework DoS Attack with XML Input
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...
Security Bulletin: A security vulnerability has been identified in FileNet Content Management Interoperability Services (CMIS) shipped with IBM Case Manager (CVE-2018-1364)
Summary FileNet Content Management Interoperability Services CMIS is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting FileNet Content Management Interoperability Services CMIS has been published in a separate security bulletin. Vulnerability Details...
Security Bulletin: FileNet Content Management Interoperability Services (CMIS), which ships with IBM Content navigator, is affected by the ability to parse untrusted XML input containing a reference to an external entity
Summary FileNet Content Management Interoperability Services CMIS, which ships with IBM Content Navigator, is affected by the following vulnerability: Ability to process untrusted XML input containing a reference to an external entity that is parsed by a weekly configured XML parser. Vulnerabilit...
SyncBreeze Enterprise Arbitrary Code Execution Vulnerability
SyncBreeze is a fast, powerful and reliable file synchronization solution for local disks, network shares, NAS storage devices and enterprise storage systems. An arbitrary code execution vulnerability exists in Flexense SyncBreeze Enterprise 10.1.16. An attacker can trigger a buffer overflow by...
Apache Struts 2 REST Plugin XStream Denial of Service (CVE-2017-9793)
A denial-of-service vulnerability exists in the Apache Struts 2 REST plugin. The vulnerability is due improper validation of XML input by the XStream library, during the deserialization process. A remote attacker could exploit this vulnerability by sending a crafted XML payload to the target serv...
Information disclosure
Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability improperly parses XML input containing a...
Security update for the MSINFO.exe information disclosure vulnerability in Windows Server 2008: July 11, 2017
Security update for the MSINFO.exe information disclosure vulnerability in Windows Server 2008: July 11, 2017 Summary An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input that contains a reference to an external entity. To...
Windows System Information Console Information Disclosure Vulnerability
An information disclosure vulnerability exists in the Microsoft Common Console Document .msc when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity XXE...
Windows Performance Monitor Information Disclosure Vulnerability
An information disclosure vulnerability exists in the Windows Performance Monitor Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity XXE...
Symantec Management Console XSS/XXE Issues
SUMMARY Symantec has released an update to address two issues that were discovered in the Symantec Management Console. AFFECTED PRODUCTS Symantec Management Console --- CVE | Affected Versions | Remediation CVE-2017-6322 CVE-2017-6323 | Prior to ITMS 8.1 RU1, ITMS 8.0POSTHF6 & ITMS 7.6POSTHF7 |...
Heap-based Buffer Overread
The nokogiri gem contains a libxml2 package which is vulnerable to a heap-based buffer overread vulnerability. The vulnerability in libxml2 is referenced as CVE-2016-1833. Using a flaw in the htmlCurrentChar function, attackers can trigger the vulnerability using malicious XML input...
Heap-Based Buffer Overflow In Libxml2
nokogiri gem is using libxml2 which is vulnerable to CVE-2016-1834. The vulnerability exists when xmlStrlen returns a negative length in the xmlStrncat function. Therefore, it may lead to other attacks such as denial of service or arbitrary code execution through a heap-based buffer overflow usin...