Rocky Linux 8 : expat (RLSA-2020:4484)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4484 advisory. - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount...

F5 Networks BIG-IP : Expat XML parser vulnerability (K51011533)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4.1 / 13.1.5 / 14.1.4.2 / 14.1.4.5 / 15.1.3 / 15.1.4 / 16.0.1.2 / 16.1.0 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K51011533 advisory. - In libexpat in Expat before 2.2.7, X...

Fedora: Security Advisory for mingw-xerces-c (FEDORA-2023-1332ed94a7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 37 Update: mingw-xerces-c-3.2.4-1.fc37

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

Ubuntu 16.04 ESM : VTK vulnerabilities (USN-4852-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4852-1 advisory. It was discovered that VTK incorrectly handled certain XML files in the embedded Expat library. An attacker could possibly use this issue to cause a deni...

OSV-2023-1000 Heap-use-after-free in xmlParserPrintFileContextInternal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63157 Crash type: Heap-use-after-free READ 1 Crash state: xmlParserPrintFileContextInternal xmlReportError xmlRaiseError...

Security Bulletin: Multiple vulnerabilities in Apache Xerces2 Java XML Parser affect IBM Jazz Reporting Service

Summary There are multiple vulnerabilities in Apache Xerces2 Java XML Parser is used by IBM Jazz Reporting Service. IBM has addressed the relevant CVEs CVE-2012-0881, CVE-2013-4002, CVE-2022-23437 Vulnerability Details CVEID:CVE-2012-0881 DESCRIPTION: Apache Xerces2 Java is vulnerable to a denial...

Security Bulletin: Vulnerability in Apache Xerces2 Java XML Parser affect IBM Engineering Lifecycle Optimization - Publishing

Summary Vulnerability in Apache Xerces2 Java XML Parser affect IBM Engineering Lifecycle Optimization - Publishing Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuadi...

Security Bulletin: Vulnerabilities in xercesImpl library affects IBM Engineering Test Management (ETM) (CVE-2022-23437)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the...

CVE-2023-38343

An XXE XML external entity injection vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery...

CVE-2023-38343

An XXE XML external entity injection vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery...

Xxe

An XXE XML external entity injection vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery...

CVE-2023-38343

An XXE XML external entity injection vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery...

Vulnerability of the utils/xml_parser.c:1038, filters/dasher.c:8146, utils/alloc.c:170, filters/dasher.c:6332, filters/dasher.c:7389, filter_core/filter_pck.c:434 components of the multimedia platform GPAC, which allows a violator to trigger a service failure

The vulnerability in utils/xmlparser.c:1038, filters/dasher.c:8146, utils/alloc.c:170, filters/dasher.c:6332, filters/dasher.c:7389, and filtercore/filterpck.c:434 of the multimedia platform GPAC is related to the use of a zero pointer. Exploiting this vulnerability could allow an attacker to cau...

Security Bulletin: Multiple vulnerabilities in Apache Xerces2 Java XML Parser affect IBM Application Performance Management products

Summary Apache Xerces2 Java XML Parser is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to open a...

ROS-20230911-03

A vulnerability in the XMLExternalEntityParserCreate function of the XML parser library libexpat is related to a post-release exploit. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

Security Bulletin: Decision Optimization in IBM Cloud Pak for Data is vulnerable to Natural Intelligence fast-xml-parser denial of service (CVE-2023-34104)

Summary Decision Optimization in IBM Cloud Pak for Data is vulnerable to a denial of service of Natural Intelligence fast-xml-parser with details below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-34104 DESCRIPTION: Natural Intelligence fast-xml-parser is vulnerabl...

Oracle Linux 7 : expat (ELSA-2020-1011)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1011 advisory. 2.1.0-11 - add security fix for CVE-2015-2716 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

GHSA-GHJW-FCF6-RPR9 Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2023-41933

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity XXE attacks...