Lucene search

2725 matches found

Veracode
added 2019/05/02 4:48 a.m., 42 views

Denial Of Service (DoS)

The openstack-nova packages provide OpenStack Compute Nova, which provides services for provisioning, managing, and using virtual machine instances. It was found that the fixes for CVE-2013-1664 and CVE-2013-1665, released via RHSA-2013:0657, did not fully correct the issues in the Extensible...

CVSS: 6, AI score: 9.2, EPSS: 0.04863
Exploits: 7, References: 13, Affected Software: 1

Veracode
added 2019/05/02 4:48 a.m., 23 views

Denial Of Service (DoS)

The openstack-cinder packages provide OpenStack Volume Cinder, which provides services to manage and access block storage volumes for use by virtual machine instances. It was found that the fixes for CVE-2013-1664 and CVE-2013-1665, released via RHSA-2013:0658, did not fully correct the issues in...

CVSS: 5, AI score: 9, EPSS: 0.04863
Exploits: 2, References: 7, Affected Software: 1

Veracode
added 2019/05/02 4:44 a.m., 27 views

XML External Entity (XXE)

The openstack-nova packages provide OpenStack Compute code name Nova, which provides services for provisioning, managing, and using virtual machine instances. A denial of service flaw was found in the Extensible Markup Language XML parser used by Nova. A remote attacker could use this flaw to sen...

CVSS: 5, AI score: 9, EPSS: 0.04863
Exploits: 1, References: 30, Affected Software: 4

UbuntuCve
added 2019/04/17 3:29 p.m., 19 views

CVE-2019-0228

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XFDF...

CVSS: 9.8, AI score: 6.8, EPSS: 0.09451
Exploits: 0, References: 3

Prion
added 2019/04/17 3:29 p.m., 24 views

Xxe

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XFDF...

CVSS: 7.5, AI score: 9, EPSS: 0.09451
Exploits: 0, References: 12, Affected Software: 14

OSV
added 2019/04/17 3:29 p.m., 20 views

CVE-2019-0228

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XFDF...

CVSS: 9.8, AI score: 6.5
Exploits: 0, References: 12

Cvelist
added 2019/04/17 2:7 p.m., 31 views

CVE-2019-0228

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XFDF...

AI score: 9.1, EPSS: 0.09451
Exploits: 0, References: 12

Debian CVE
added 2019/04/17 2:7 p.m., 22 views

CVE-2019-0228

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XFDF...

CVSS: 9.8, AI score: 6.1, EPSS: 0.09451
Exploits: 0

RedhatCVE
added 2019/04/15 7:19 a.m., 42 views

CVE-2019-0228

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XFDF...

CVSS: 9.8, AI score: 6.4, EPSS: 0.09451
Exploits: 0, References: 3

Veracode
added 2019/04/15 1:56 a.m., 24 views

XML External Entity (XXE)

Apache PDFBox is vulnerable to XML external entity XXE attacks. The XML parser does not disable external DTDs, which would allow an attacker to perform XXE attacks using a malicious XFDF file...

CVSS: 9.8, AI score: 9, EPSS: 0.09451
Exploits: 0, References: 21, Affected Software: 1

myhack58
added 2019/04/10 12:0 a.m., 116 views

2019 4 on Microsoft patch day multiple vulnerabilities early warning-vulnerability warning-the black bar safety net

0x00 event background 2019 04 May 10, 360CERT monitoring to Microsoft to 4, on 9 September released a 4 month safety update. This security update covers the Windows of the body and a plurality of Windows core component Windows, win32k, RECEIVE, CSRSS, MSXML, VSScript code execution/privilege escalation...

AI score: 3.3, EPSS: 0.4523
Exploits: 28

OpenVAS
added 2019/04/10 12:0 a.m., 74 views

Microsoft Windows Multiple Vulnerabilities (KB4493441)

This host is missing a critical security update according to Microsoft KB4493441 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...

CVSS: 9.8, AI score: 7.3, EPSS: 0.81551
Exploits: 67, References: 3

OSV
added 2019/04/09 9:29 p.m., 0 views

CVE-2019-0790

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795...

CVSS: 8.8, AI score: 7.9, EPSS: 0.21322
Exploits: 0, References: 2

OSV
added 2019/04/09 9:29 p.m., 1 views

CVE-2019-0793

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0795...

CVSS: 8.8, AI score: 7.9, EPSS: 0.17217
Exploits: 0, References: 2

Microsoft CVE
added 2019/04/09 7:0 a.m., 23 views

MS XML Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could hos...

CVSS: 9.3, AI score: 4.1, EPSS: 0.17217
Exploits: 0

Cvelist
added 2019/03/15 11:0 p.m., 19 views

CVE-2019-9843

In DiffPlug Spotless before 1.20.0 library and Maven plugin and before 3.20.0 Gradle plugin, the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a...

AI score: 7.3, EPSS: 0.01499
Exploits: 0, References: 5

CVE
added 2019/03/15 11:0 p.m., 84 views

CVE-2019-9843

DiffPlug Spotless is affected by an XML External Entity (XXE) issue in the library and Maven plugin prior to 1.20.0 and in the Gradle plugin prior to 3.20.0. The XML parser resolves external entities over HTTP/HTTPS and ignores resolveExternalEntities, enabling potential disclosure of local files...

CVSS: 7.5, AI score: 7.3, EPSS: 0.01499
Exploits: 0, References: 5, Affected Software: 2

Zero Day Initiative
added 2019/02/28 12:0 a.m., 17 views

(0Day) Microsoft Visual Studio settings XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVSS: 2.5, AI score: 1.7
Exploits: 0

Fedora
added 2019/02/13 2:48 a.m., 30 views

[SECURITY] Fedora 29 Update: xerces-c27-2.7.0-28.fc29

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

CVSS: 9.8, AI score: 2.3, EPSS: 0.1425
Exploits: 3

BDU FSTEC
added 2019/02/05 12:0 a.m., 3 views

The vulnerability of the Apache Xerces-C XML Parser for syntactic analysis and XML processing lies in its improper handling of DTD paths, which allows attackers to cause service failures.

The vulnerability of the Apache Xerces-C XML Parser for syntactic analysis and XML processing is related to incorrect handling of DTD paths. In some cases, this leads to the misuse of the zero pointer. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

CVSS: 9.8, AI score: 7.6, EPSS: 0.08751
Exploits: 3, References: 4, Affected Software: 1