2725 matches found

Debian CVE
added 2019/12/18 12:0 a.m., 30 views

CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

8.1 CVSS, 3.5 AI score, 0.09503 EPSS
Exploits: 0

NVD
added 2019/12/17 3:15 p.m., 19 views

CVE-2019-16549

Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents...

8.1 CVSS, 8 AI score, 0.00969 EPSS
Exploits: 0, References: 2

Cvelist
added 2019/12/17 2:40 p.m., 25 views

CVE-2019-16549

Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents...

8 AI score, 0.00969 EPSS
Exploits: 0, References: 2

Hacker One
added 2019/12/08 10:12 p.m., 12 views

Razer: Insecure Processing of XML leads to Denial of Service through Billion Laughs Attack

The tester discovered a Razer Gold Thailand server was vulnerable to a DoS attack / resource exhaustion related to an XML parser used on the server. Razer thanks the tester for his clear report/PoC...

2.8 AI score
Exploits: 0

Zero Day Initiative
added 2019/11/01 12:0 a.m., 15 views

Advantech WISE-PaaS/RMM AccountMgmt fuzzySearch XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AccountMgmt class. Due to the improper restriction of XML External...

7.5 CVSS, 2.6 AI score, 0.03079 EPSS
Exploits: 0, References: 1

Zero Day Initiative
added 2019/11/01 12:0 a.m., 14 views

Advantech WISE-PaaS/RMM RecoveryMgmt ActionCommd_ota XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RecoveryMgmt class. Due to the improper restriction of XML External...

7.5 CVSS, 2.5 AI score, 0.03079 EPSS
Exploits: 0, References: 1

Zero Day Initiative
added 2019/11/01 12:0 a.m., 18 views

Advantech WISE-PaaS/RMM AccountMgmt activateAccount XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AccountMgmt class. Due to the improper restriction of XML External...

7.5 CVSS, 2.8 AI score, 0.03079 EPSS
Exploits: 0, References: 1

Zero Day Initiative
added 2019/11/01 12:0 a.m., 12 views

Advantech WISE-PaaS/RMM RecoveryMgmt addRecoverySch XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RecoveryMgmt class. Due to the improper restriction of XML External...

7.5 CVSS, 2.7 AI score, 0.03079 EPSS
Exploits: 0, References: 1

Veracode
added 2019/10/18 8:45 a.m., 14 views

XML External Entity (XXE)

Raml parser is vulnerable to XML external entity attacks. The attack is possible because an XML input containing a reference to an external entity is not blocked by the XML parser, allowing an attacker to inject malicious XML files to retrieve system files or perform requests on behalf of the...

4.7 AI score
Exploits: 0

OSV
added 2019/10/16 6:15 p.m., 2 views

DEBIAN-CVE-2019-2981

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

3.7 CVSS, 5.9 AI score, 0.03749 EPSS
Exploits: 0, References: 1

OSV
added 2019/10/10 2:15 p.m., 1 views

CVE-2019-1060

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'...

8.8 CVSS, 7.4 AI score, 0.12906 EPSS
Exploits: 0, References: 1

Veracode
added 2019/10/10 12:19 p.m., 11 views

XML External Entity (XXE)

jOOX is vulnerable to XML external entity attacks. It is possible because XMLasDOMBinding does not prevent the resolution of external entity references, allowing the attackers to submit malicious XML to the XML parser and gain access to information about an internal network, local file system, or...

4.1 AI score
Exploits: 0

IBM Security Bulletins
added 2019/10/09 2:48 p.m., 63 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affect IBM Security Access Manager for Enterprise Single Sign-On

Summary These issues were also addressed by IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On. Vulnerability Details CVEID: CVE-2018-20843 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By...

7.8 CVSS, 0.5 AI score, 0.82007 EPSS
Exploits: 6, Affected Software: 1

Fedora
added 2019/10/02 1:41 a.m., 46 views

[SECURITY] Fedora 29 Update: expat-2.2.8-1.fc29

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

7.5 CVSS, 2.1 AI score, 0.06643 EPSS
Exploits: 1

OpenVAS
added 2019/09/26 12:0 a.m., 35 views

Fedora Update for expat FEDORA-2019-9505c6b555

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 7.9 AI score, 0.06643 EPSS
Exploits: 1, References: 2

Fedora
added 2019/09/21 12:4 a.m., 47 views

[SECURITY] Fedora 31 Update: expat-2.2.8-1.fc31

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

7.5 CVSS, 2.1 AI score, 0.06643 EPSS
Exploits: 1

Tenable Nessus
added 2019/09/17 12:0 a.m., 32 views

EulerOS 2.0 SP2 : expat (EulerOS-SA-2019-1841)

According to the version of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amou...

7.8 CVSS, 6.5 AI score, 0.07107 EPSS
Exploits: 1, References: 2

Prion
added 2019/09/04 6:15 a.m., 20 views

Heap overflow

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read...

5 CVSS, 8 AI score, 0.06643 EPSS
Exploits: 1, References: 59, Affected Software: 2

CVE
added 2019/09/04 5:59 a.m., 801 views

CVE-2019-15903

CVE-2019-15903 is a libexpat/libxml2 (Expat) issue present in libexpat prior to 2.2.8. Crafted XML input could cause the parser to switch from DTD parsing to document parsing too early, and a subsequent call to XML_GetCurrentLineNumber/XML_GetCurrentColumnNumber could trigger a heap-based buffer ...

7.5 CVSS, 8.2 AI score, 0.06643 EPSS
Exploits: 1, References: 59, Affected Software: 1

IBM Security Bulletins
added 2019/08/30 7:48 a.m., 38 views

Security Bulletin: Open Source Apache PDFBox Vulnerabilities in IBM Content Classification

Summary Apache PDFBox could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of...

7.8 CVSS, 2.8 AI score, 0.04519 EPSS
Exploits: 0, Affected Software: 1