2725 matches found
CVE-2019-0340
The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at multiple locations. An attacker can read local XXE files...
Input validation
The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at multiple locations. An attacker can read local XXE files...
CVE-2019-0340
CVE-2019-0340 affects SAP Enable Now; before version 1902 its XML parser is not hardened, enabling Missing XML Validation and local XXE disclosure via file upload at multiple locations. The NVD entry lists CVSSv3 base 5.4 (Medium) with network attack, low privileges, no user interaction. Connecte...
NewStart CGSL CORE 5.04 / MAIN 5.04 : xerces-c Vulnerability (NS-SA-2019-0072)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xerces-c packages installed that are affected by a vulnerability: - A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an...
CVE-2018-14383
The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the versions 5.2.1 and 3.3.7...
Design/Logic Flaw
The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the versions 5.2.1 and 3.3.7...
CVE-2019-14493
OpenCV vulnerability CVE-2019-14493 affects OpenCV prior to 4.1.1, due to a NULL pointer dereference in cv::XMLParser::parse (modules/core/src/persistence.cpp). The issue can lead to crashes (denial of service) as indicated by multiple advisories. Public details include references from Debian, Ub...
CVE-2019-10976
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file .frc2. Once a user opens the file, the attacker could read arbitrary files...
Input validation
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file .frc2. Once a user opens the file, the attacker could read arbitrary files...
CVE-2019-10976
The CVE-2019-10976 vulnerability affects Mitsubishi Electric FR Configurator2 (versions 1.16S and prior). It arises from improper restriction/filtering of input to the XML parser when parsing .frc2 project/template files, allowing an attacker to read arbitrary files on open. ICSA/ICS guidance ind...
See how I found an XXE vulnerability on the Bol.com website and successfully exploited it - vulnerability warning - the black bar safety net
In a previous report, we learned a lot about executing code in the visitor's browser: reflected XSS and stored XSS. In addition, we also took a quick look at misconfigured server settings and Open Redirect. Today, we will explore how from the...
EulerOS 2.0 SP2 : expat (EulerOS-SA-2019-1742)
According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products,...
openSUSE Security Update : expat (openSUSE-2019-1777)
This update for expat fixes the following issues : Security issue fixed : - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). This update was imported from the SUSE:SLE-15:Update update...
OPENSUSE-SU-2019:1777-1 Security update for expat
This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). This update was imported from the SUSE:SLE-15:Update update...
Security update for expat (moderate)
openSUSE Security Update: Security update for expat Announcement ID: openSUSE-SU-2019:1777-1 Rating: moderate References: 1139937 Cross-References: CVE-2018-20843 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This...