
2725 matches found

OpenVAS
added 2020/01/23 12:0 a.m. | 25 views

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2019-2063)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.1 | AI score 7.7 | EPSS 0.19069
Exploits 1 | References 2
OpenVAS
added 2020/01/23 12:0 a.m. | 21 views

Huawei EulerOS: Security Advisory for xerces-c (EulerOS-SA-2018-1101)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 9.6 | EPSS 0.08751
Exploits 3 | References 2
OpenVAS
added 2020/01/23 12:0 a.m. | 32 views

Huawei EulerOS: Security Advisory for xerces-c (EulerOS-SA-2018-1100)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 9.6 | EPSS 0.08751
Exploits 3 | References 2
OpenVAS
added 2020/01/23 12:0 a.m. | 19 views

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2019-1758)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 8.1 | EPSS 0.07107
Exploits 1 | References 2
OpenVAS
added 2020/01/23 12:0 a.m. | 25 views

Huawei EulerOS: Security Advisory for xerces-c (EulerOS-SA-2016-1004)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 9.7 | EPSS 0.08946
Exploits 0 | References 2
Veracode
added 2020/01/16 3:9 a.m. | 36 views

XML External Entity (XXE) Injection

pyamf is vulnerable to XML external entity (XXE) attacks. The attack exists because the XML parser does not disable the parsing of external DTDs, allowing a remote attacker to inject malicious external DTD entities via an Action Message Format (AMF) payload to retrieve system files or perform request...

CVSS 7.1 | AI score 5.4 | EPSS 0.01378
Exploits 0 | References 6 | Affected Software 1
Prion
added 2020/01/15 4:15 p.m. | 15 views

Xxe

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...

CVSS 6.5 | AI score 8.6 | EPSS 0.01382
Exploits 0 | References 1 | Affected Software 1
CVE
added 2020/01/15 3:15 p.m. | 62 views

CVE-2020-2092

CVE-2020-2092 affects Jenkins Robot Framework Plugin (versions ≤ 2.0.0). The issue is that the XML parser is not configured to prevent XML External Entity (XXE) attacks, enabling users with Job/Configure to submit crafted XML documents that may expose secrets, enable SSRF, or cause denial of serv...

CVSS 8.8 | AI score 8.6 | EPSS 0.01382
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2020/01/15 3:15 p.m. | 32 views

CVE-2020-2092

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...

AI score 8.7 | EPSS 0.01382
Exploits 0 | References 1
Zero Day Initiative
added 2020/01/03 12:0 a.m. | 27 views

Cisco Data Center Network Manager addGroupNavigation XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the addGroupNavigation SOAP...

CVSS 7.5 | AI score 2.7 | EPSS 0.01306
Exploits 0 | References 1
Zero Day Initiative
added 2020/01/03 12:0 a.m. | 27 views

Cisco Data Center Network Manager getTopologyVlanList XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the getTopologyVlanList SOAP...

CVSS 7.5 | AI score 2.6 | EPSS 0.01306
Exploits 0 | References 1
Zero Day Initiative
added 2020/01/03 12:0 a.m. | 25 views

Cisco Data Center Network Manager getInventoryIslList XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the getInventoryIslList SOAP...

CVSS 7.5 | AI score 2.6 | EPSS 0.01306
Exploits 0 | References 1
RedhatCVE
added 2019/12/28 3:54 a.m. | 46 views

CVE-2019-15903

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read. Mitigation for this issue is either...

CVSS 7.5 | AI score 2.2 | EPSS 0.06643
Exploits 1 | References 3
NVD
added 2019/12/18 8:15 p.m. | 25 views

CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

CVSS 8.1 | AI score 7.9 | EPSS 0.09503
Exploits 0 | References 15
OSV
added 2019/12/18 8:15 p.m. | 8 views

CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

CVSS 8.1 | AI score 7.9
Exploits 0 | References 15
UbuntuCve
added 2019/12/18 8:15 p.m. | 40 views

CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

CVSS 8.1 | AI score 7 | EPSS 0.09503
Exploits 0 | References 9
Prion
added 2019/12/18 8:15 p.m. | 24 views

Design/Logic Flaw

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

CVSS 6.8 | AI score 7.7 | EPSS 0.09503
Exploits 0 | References 14 | Affected Software 9
Cvelist
added 2019/12/18 12:0 a.m. | 32 views

CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

AI score 8.1 | EPSS 0.09503
Exploits 0 | References 14
Debian CVE
added 2019/12/18 12:0 a.m. | 30 views

CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

CVSS 8.1 | AI score 3.5 | EPSS 0.09503
Exploits 0
CVE
added 2019/12/18 12:0 a.m. | 399 views

CVE-2018-1311

CVE-2018-1311 describes a use-after-free in the Apache Xerces-C++ XML parser when scanning external DTDs. Publicly reported ranges indicate impact on Xerces-C versions 3.0.0–3.2.3, with no fixes in those older maintained lines and mitigation limited to disabling DTD processing (via DOM feature or...

CVSS 8.1 | AI score 7.9 | EPSS 0.09503
Exploits 0 | References 15 | Affected Software 1