CVE-2021-44477 GE Gas Power ToolBoxST Improper Restriction of XML External Entity Reference
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input...
Fedora: Security Advisory for expat (FEDORA-2022-10be3957a4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-X3M3-G8W6-MF28 Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Jenkins Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML and returns version information. The XML parser is not configured to prevent XML external entity (XXE) attacks, which is only a problem if XML documents are parsed on the Jenkins controller...
Cisco Nexus Dashboard Fabric Controller XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Nexus Dashboard Fabric Controller. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the AMF protocol. Due to the improper...
XML Entity Expansion
xlsx-streamer is vulnerable to XML entity expansion, also known as XML Bombs. Lack of the necessary settings to prevent XML Entity Expansion issues allows an attacker to pass a malicious XML object via the XML parser...
Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
Impact: Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues. Patches: Upgrade to version 2.1.0. Workarounds: No known workaround. References...
CVE-2022-23640
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no...
Design/Logic Flaw
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no...
CVE-2022-23640
CVE-2022-23640 affects Excel-Streaming-Reader (xlsx-streamer) prior to version 2.1.0, where the XML parser did not apply necessary settings to prevent XML Entity Expansion (XML Bombs). The issue enables potential impact on confidentiality, integrity, and availability (high severity in CVSS 3.1), ...
CVE-2022-23640 Improper Restriction of XML External Entity Reference in Excel-Streaming-Reader
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no...
Excel-Streaming-Reader Code Issue Vulnerability
Excel-Streaming-Reader is a streaming Excel reader that uses Apache POI. A code issue vulnerability exists in versions of Excel-Streaming-Reader prior to 2.1.0; it stems from the XML parser used by the software missing certain required settings, resulting in XML entity expansion issues...
Fedora: Security Advisory for mingw-expat (FEDORA-2022-04f206996b)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for mingw-expat (FEDORA-2022-3d9d67f558)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 35 Update: mingw-expat-2.4.6-1.fc35
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream-oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
...
openSUSE 15 Security Update : xerces-j2 (openSUSE-SU-2022:0500-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0500-1 advisory. - There is a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the...
Expat has an unspecified vulnerability (CNVD-2022-18354)
Expat is a fast streaming XML parser written in C. A security vulnerability existed prior to Expat 2.4.5 that could be exploited by an attacker to trigger stack exhaustion in build_model via a large nesting depth in the DTD element...
openSUSE 15 Security Update : xerces-j2 (openSUSE-SU-2022:0503-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0503-1 advisory. - There is a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the...
SUSE SLES12 Security Update : xerces-j2 (SUSE-SU-2022:0542-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0542-1 advisory. - There is a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This cause...