2720 matches found

Cvelist
added 2024/02/22 6:23 p.m., 24 views

CVE-2024-25129 Limited data exfiltration in CodeQL CLI

The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously...

CVSS 2.7, AI score 4, EPSS 0.00117
Exploits 0, References 3
CVE
added 2024/02/22 6:23 p.m., 83 views

CVE-2024-25129

The CVE-2024-25129 entry concerns CodeQL CLI prior to version 2.16.3, where an XML External Entity flaw in the CLI's XML parser can cause the CLI to fetch an HTTP URL containing data read from a local file when processing malicious databases or specially crafted QL sources. Impact described as po...

CVSS 5.5, AI score 3.5, EPSS 0.00117
Exploits 0, References 3, Affected Software 1
SUSE CVE
added 2024/02/20 3:30 a.m., 1 view

SUSE CVE-2024-23807

The Apache Xerces C++ XML parser in versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5, which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...

CVSS 9.8, AI score 7.7, EPSS 0.00499
Exploits 1, References 3
Amazon
added 2024/02/19 12:00 a.m., 32 views

Medium: woodstox-core

Issue Overview: Those using Woodstox to parse XML data may be vulnerable to Denial of Service (DoS) attacks if DTD support is enabled. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial o...

CVSS 7.5, AI score 8.1, EPSS 0.00803
Exploits 1
Fedora
added 2024/02/17 12:58 a.m., 11 views

[SECURITY] Fedora 39 Update: expat-2.6.0-1.fc39

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream-oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

AI score 7.2
Exploits 0
OpenVAS
added 2024/02/17 12:00 a.m., 6 views

Fedora: Security Advisory (FEDORA-2024-269826c2b3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0, References 3
CNNVD
added 2024/02/16 12:00 a.m., 3 views

Apache Xerces-C Resource Management Error Vulnerability

Apache Xerces-C is an XML parser from the Apache Software Foundation written in C++. Apache Xerces-C suffers from a resource management error vulnerability that stems from memory being reused after it has been freed (a use-after-free)...

CVSS 9.8, AI score 7.4, EPSS 0.00499
Exploits 1, References 9
NVD
added 2024/02/06 7:15 a.m., 9 views

CVE-2023-52239

The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport...

CVSS 6.5, AI score 6.5, EPSS 0.00245
Exploits 1, References 2
Prion
added 2024/02/06 7:15 a.m., 13 views

Design/Logic Flaw

The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport...

CVSS 6.4, AI score 7.2, EPSS 0.00245
Exploits 1, References 2, Affected Software 1
Cvelist
added 2024/02/06 12:00 a.m., 9 views

CVE-2023-52239

The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport...

AI score 6.7, EPSS 0.00245
Exploits 1, References 2
CVE
added 2024/02/06 12:00 a.m., 37 views

CVE-2023-52239

CVE-2023-52239 affects Magic xpi Integration Platform 4.13.4. The XML parser is vulnerable to XML External Entity (XXE) attacks, e.g., via onItemImport. Impacts include potential disclosure or manipulation of downstream data where XML is processed; exploitation details are not fully provided in t...

CVSS 6.5, AI score 6.5, EPSS 0.00245
Exploits 1, References 2, Affected Software 1
Vulnrichment
added 2024/02/06 12:00 a.m., 11 views

CVE-2023-52239

The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport...

AI score 7, EPSS 0.00245
Exploits 1, References 2
CNNVD
added 2024/02/04 12:00 a.m., 2 views

libexpat Security Vulnerabilities

libexpat is a streaming XML parser written in C. It can be used in a number of different ways. A security vulnerability exists in libexpat version 2.5.0 and earlier versions, which stems from the need for many complete re-parses in the case of large tokens that require multiple buffer fills...

CVSS 7.5, AI score 7.7, EPSS 0.01552
Exploits 1, References 10
Tenable Nessus
added 2024/02/03 12:00 a.m., 30 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xerces-c (SUSE-SU-2024:0320-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0320-1 advisory. - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the...

CVSS 8.1, AI score 7.5, EPSS 0.04171
Exploits 0, References 4
Tenable Nessus
added 2024/02/02 12:00 a.m., 26 views

SUSE SLES12 Security Update : xerces-c (SUSE-SU-2024:0299-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0299-1 advisory. - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw ha...

CVSS 8.1, AI score 7.5, EPSS 0.04171
Exploits 0, References 4
Tenable Nessus
added 2024/02/02 12:00 a.m., 16 views

SUSE SLES15 Security Update : xerces-c (SUSE-SU-2024:0300-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0300-1 advisory. - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw ha...

CVSS 8.1, AI score 7.5, EPSS 0.04171
Exploits 0, References 4
IBM Security Bulletins
added 2024/01/31 1:18 p.m., 42 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Apache Ivy information disclosure vulnerability [CVE-2023-46751]

Summary: An Apache Ivy information disclosure vulnerability (CVE-2023-46751), caused by improper handling of XML external entity (XXE) declarations by the XML parser, has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to...

CVSS 8.2, AI score 7.5, EPSS 0.00164
Exploits 0, Affected Software 1
Ubuntu
added 2024/01/29 5:02 p.m., 50 views

USN-6612-1: TinyXML vulnerability

It was discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted XML file, a remote attacker could possibly use this issue to cause a denial of service...

CVSS 7.5, AI score 7.2, EPSS 0.00952
Exploits 0
Ubuntu
added 2024/01/18 6:21 p.m., 77 views

USN-6590-1: Xerces-C++ vulnerabilities

It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could...

CVSS 8.8, AI score 6.9, EPSS 0.04171
Exploits 0
OpenVAS
added 2024/01/18 12:00 a.m., 17 views

Fedora: Security Advisory (FEDORA-2024-80e6578a01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.7, EPSS 0.01164
Exploits 1, References 6