libvirt: unsafe parsing of XML documents allows libvirt DoS and/or arbitrary file read

It was found that libvirt passes the XMLPARSENOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read t...

USN-1905-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled the xmlparseintostruct function. If a PHP application parsed untrusted XML, an attacker could use this flaw with a specially-crafted XML document to cause PHP to crash, resulting in a denial of service, or to possibly execute arbitrary code...

Vulnerability in core server (CVE-2012-3489)

xmlparse DTD validation can be used to read arbitrary files...

postgresql: File disclosure through XXE in xmlparse by DTD validation

The xmlparse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content tha...

DEBIAN-CVE-2009-3560

The big2toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service application crash via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlo...

libxml2: long entity name heap buffer overflow

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service crash or execute arbitrary code via a long XML entity name...