2725 matches found
openSUSE: Security Advisory for xerces-c (openSUSE-SU-2021:2958-1)
The remote host is missing an update for the...
openSUSE 15 Security Update : xerces-c (openSUSE-SU-2021:1231-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1231-1 advisory. - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not be...
openSUSE 15 Security Update : xerces-c (openSUSE-SU-2021:2958-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2958-1 advisory. - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not be...
OPENSUSE-SU-2021:1231-1 Security update for xerces-c
This update for xerces-c fixes the following issues: - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs (bsc#1159552). This update was imported from the SUSE:SLE-15:Update update project...
OPENSUSE-SU-2021:2958-1 Security update for xerces-c
This update for xerces-c fixes the following issues: - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs (bsc#1159552)...
SUSE-SU-2021:2958-1 Security update for xerces-c
This update for xerces-c fixes the following issues: - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs (bsc#1159552)...
SUSE SLED15 / SLES15 Security Update : xerces-c (SUSE-SU-2021:2958-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2958-1 advisory. - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has n...
SUSE: Security Advisory (SUSE-SU-2021:2944-1)
The remote host is missing an update for the...
SUSE SLED12 / SLES12 Security Update : xerces-c (SUSE-SU-2021:2944-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2944-1 advisory. - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. Thi...
SUSE-SU-2021:2944-1 Security update for xerces-c
This update for xerces-c fixes the following issues: - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs (bsc#1159552)...
SUSE-SU-2021:2920-1 Security update for xerces-c
This update for xerces-c fixes the following issues: - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs (bsc#1159552)...
CVE-2021-37714 Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user-supplied input, an attacker may supply content that causes the parser to get stuck, looping indefinitely until...
Cisco UCS Director AMF XML External Entity Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco UCS Director. Authentication is not required to exploit this vulnerability. The specific flaw exists within the amf endpoint, which listens on TCP port 443 by default. Due to the improp...
PT-2021-24348 · Unknown · Fast-Xml-Parser
Name of the Vulnerable Software and Affected Versions: fast-xml-parser versions prior to 4.1.2 Description: The issue allows for Prototype Pollution via the __proto__ variable. This can be exploited by including __proto__ as a tag or attribute name in an XML string. The estimated number of potentially...
Siemens Solid Edge XML External Entity Injection Vulnerability
Siemens Solid Edge is a 3D CAD software from Siemens, Germany. The software can be used in industries such as part design, assembly design, sheet metal design, welding design, etc. A security vulnerability exists in versions of Siemens Solid Edge SE2021 prior to SE2021MP7, which stems from an XML...
CVE-2021-37178
A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file...
Xxe
A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file...
CVE-2021-32972
Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing softwa...
Design/Logic Flaw
Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing softwa...