2720 matches found
BehaviorTree.CPP Code Issue Vulnerability
BehaviorTree.CPP is a library for behavior trees in C++ open-sourced by BehaviorTree. A code issue vulnerability exists in BehaviorTree.CPP version 4.7.0 and earlier, which stems from a null pointer dereference in the XMLParser::PImpl::loadDocImpl function in the XML Parser component, which could...
PT-2025-39634
Name of the Vulnerable Software and Affected Versions: BehaviorTree versions prior to 4.7.1 Description: A flaw exists in BehaviorTree due to a null pointer dereference within the XMLParser::PImpl::loadDocImpl function located in the /src/xml_parsing.cpp file of the XML Parser component. This issue...
[SECURITY] Fedora 41 Update: expat-2.7.2-1.fc41
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...
[SECURITY] Fedora 43 Update: expat-2.7.2-1.fc43
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parser process. An attacker can cause excessive memory consumption by submitting a specially crafted XML document, resulting in service disruption due to resource exhaustion...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parser process. An attacker can cause excessive memory consumption by submitting a specially crafted XML document, resulting in service disruption due to resource exhaustion...
Linux Distros Unpatched Vulnerability : CVE-2024-23807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are...
CVE-2023-7307
Sangfor Behavior Management System (also referred to as DC Management System in Chinese-language documentation) contains an XML external entity (XXE) injection vulnerability in the /src/sangforindex endpoint. A remote unauthenticated attacker can submit crafted XML data containing external entity...
Linux Distros Unpatched Vulnerability : CVE-2022-28890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 a...
PT-2025-34950 · Sangfor · Iam +2
Name of the Vulnerable Software and Affected Versions: Sangfor Behavior Management System (affected versions not specified) Description: The Sangfor Behavior Management System (also referred to as DC Management System) contains an XML external entity (XXE) injection vulnerability in the /src/sangforind...
Linux Distros Unpatched Vulnerability : CVE-2017-8315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the...
Linux Distros Unpatched Vulnerability : CVE-2023-27476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib'...
XML External Entity (XXE) Injection
Allure is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to insecure XML parser settings in the xunit-xml-plugin that allow external entity expansion when processing .xml test result files...
TencentOS Server 3: expat (TSSA-2022:0042)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0042 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to Prototype Pollution due to fast-xml-parser ( CVE-2023-26920 )
Summary: fast-xml-parser is used by IBM Cloud Pak for Data. CVE-2023-26920. Vulnerability Details: CVEID: CVE-2023-26920 DESCRIPTION: Natural Intelligence fast-xml-parser could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the tag or attribu...
OESA-2025-1537 libxml2 security update
This library allows you to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
CVE-2024-25129
The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously...
CVE-2023-26461
SAP NetWeaver (SAP Enterprise Portal), version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser and submit a crafted XML file which, when parsed, will enable them to access but not modify sensitive files and data. It allows the attacker to view...
CVE-2023-26920
fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution...
CVE-2023-41933
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...