2729 matches found
Huawei EulerOS: Security Advisory for xerces-c (EulerOS-SA-2020-1640)
The remote host is missing an update for the Huawei EulerOS...
Huawei Data Communication: Two DOS Vulnerabilities of XML Parser in Some Huawei Products (huawei-sa-20171201-01-xml)
The XML parser has two DoS vulnerabilities in some Huawei products...
Security Bulletin: IBM Prospect is affected by Expat XML Parser vulnerability (CVE-2019-15903)
Summary: Prospect Server is affected by Expat XML parsing vulnerability CVE-2019-15903, which may result in a heap-based buffer over-read. Vulnerability Details: CVEID: CVE-2019-15903. DESCRIPTION: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to...
NewStart CGSL CORE 5.04 / MAIN 5.04 : xerces-c Vulnerability (NS-SA-2020-0028)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xerces-c packages installed that are affected by a vulnerability: - The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been...
Huawei Products Multiple DoS Vulnerabilities (huawei-sa-20171201-01-xml)
Multiple Huawei products are prone to multiple denial of service vulnerabilities in the XML parser. This VT has been deprecated as a duplicate of the VT...
Medium: expat
Issue Overview: Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. CVE-2015-2716 Affecte...
Cisco Firepower Device Manager On-Box software Buffer Overflow Vulnerability
Cisco Firepower Device Manager (FDM) is a firewall device manager from Cisco USA. The product supports access rule configuration, system monitoring, etc. Cisco Firepower Device Manager On-Box software is one of the built-in software. A buffer overflow vulnerability exists in the XML parser code in...
CVE-2020-3310
A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could...
Design/Logic Flaw
A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could...
CVE-2020-3310
CVE-2020-3310 relates to Cisco Firepower Device Manager On-Box software where an XML parser in the On-Box component can be overwhelmed by a crafted XML file. An authenticated attacker (with admin rights or SSL VPN access) could cause the XML parser to crash, leading to system instability, memory ...
CVE-2020-2178
Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2178
What’s affected: Jenkins Parasoft Findings Plugin (versions 10.4.3 and earlier) used in Jenkins. Root cause: The plugin’s XML parser is not configured to prevent XML external entity (XXE) attacks. Impact: An attacker who can control input to the Parasoft Findings parser could cause the parser t...
CVE-2020-2172
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
XXE
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2138
Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...