fast-xml-parser 安全漏洞

fast-xml-parser is an open source library from Natural Intelligence. It is used to quickly validate XML, parse XML and build XML without C/C++ based libraries and callbacks. A security vulnerability exists in fast-xml-parser version v4.2.4. An attacker could use this vulnerability to cause a deni...

PT-2024-29584

Name of the Vulnerable Software and Affected Versions fast-xml-parser versions prior to 4.4.1 Description A ReDOS issue exists in the currency.js component of the fast-xml-parser library, specifically affecting the experimental version 5. This issue can cause a denial of service during currency...

CVE-2024-41818

creationtimestamp| type| source ---|---|--- 2024-07-28 00:58:52+00:00| published-proof-of-concept| https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v...

Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager software component and IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu...

expat: parsing large tokens can trigger a denial of service

A flaw was found in Expat libexpat. When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service...

MAL-2024-1713 Malicious code in abcotv-xml-parser (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in abcotv-xml-parser (npm)

--- -= Per source details. Do not edit below this line.=-...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser. The flaws can lead to server-side request forgery, bypass of security restrictions, denial of service, and arbitrary...

SEW-EURODRIVE MOVITOOLS MotionStudio XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote atttackers to disclose sensitive information on affected installations of SEW-EURODRIVE MOVITOOLS MotionStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

ROS-20240603-03

A vulnerability in the XML parser library libexpat is related to incorrect restriction of recursive object references in DTDs. recursive object references in DTDs. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service...

RHEL 5 : expat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - expat: Out-of-bounds heap read on crafted input causing crash CVE-2016-0718 - The XML parser xmlparse.c i...

Progress Software Telerik Reporting ValidateMetadaUri XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software Telerik Reporting. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...

RHEL 5 : expat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - expat: Undefined behavior and pointer overflows CVE-2016-4472 - The XML parser in Expat does not use...

RHEL 7 : expat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - expat: Undefined behavior and pointer overflows CVE-2016-4472 - The XML parser in Expat does not use...

SonicWALL GMS Virtual Appliance ECMPolicy XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of SonicWALL GMS Virtual Appliance. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

ROS-20240506-01

A vulnerability in the libexpat XML parser library is related to incorrect restriction of XML references to external objects. XML references to external objects. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by transmitting specially crafte...

CVE-2023-51601

Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...

CVE-2023-51602

Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...

CVE-2023-51600

Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...

CVE-2023-44412

D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw...