2720 matches found
SUSE CVE-2018-1311
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...
SUSE CVE-2018-14567
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251...
SUSE CVE-2019-14493
An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp...
SUSE CVE-2019-19956
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs...
SUSE CVE-2020-2247
Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
SUSE CVE-2020-14940
An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 (.gpx) and GP7 (.gp) tablature files...
SUSE CVE-2022-22825
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow...
SUSE CVE-2022-29181
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6...
Security Bulletin: IBM Sterling Secure Proxy vulnerable to multiple issues
Summary: Multiple vulnerabilities affect IBM Sterling Secure Proxy 6.0.3.0 and are addressed in the latest iFix. Vulnerability Details: CVEID: CVE-2022-23437. DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading ...
Ubuntu: Security Advisory (USN-4784-1)
The remote host is missing an update for the...
GHSA-3PPR-72X5-X67Q XML external entity vulnerability on agents in Jenkins MSTest Plugin
Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
GHSA-H8P8-6378-649P XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin
Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2023-24443
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2023-24441
Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2023-24430
Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Xxe
Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Xxe
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Xxe
Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...