XML External Entity (XXE) Processing in TYPO3 Core

All XML processing within the TYPO3 CMS are vulnerable to XEE processing. This can lead to load internal and/or external file content within an XML structure. Furthermore it is possible to inject arbitrary files for an XML Denial of Service attack. For more information on that topic see...

Fedora: Security Advisory (FEDORA-2024-4862425658)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-9ffc6cc7bf)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 39 Update: mingw-libxml2-2.12.7-1.fc39

MinGW Windows libxml2 XML processing library...

Moderate: Red Hat Security Advisory: python27:2.7 security update

An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

ALSA-2024:2987 Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...

RHEL 5 : librsvg (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - librsvg: SIGFPE is raised in boxblurline function of rsvg-filter.c CVE-2017-11464 - In xml.rs in GNOME...

CVE-2023-51604 Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability

Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...

Security Bulletin: Enterprise Content Manager System Monitor For March 2024 - Multiple CVE adressed

Summary Enterprise Content Manager System Monitor is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details...

CVE-2024-27266

IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566...

BIT-JASPERREPORTS-2021-35496

The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AW...

CVE-2024-1892 ReDoS Vulnerability in scrapy/scrapy's XMLFeedSpider

A Regular Expression Denial of Service ReDoS vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker...

CVE-2024-1167

When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur...

Unrestricted file upload

When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur...

CVE-2024-1167 SEW-EURODRIVE MOVITOOLS MotionStudio Improper Restriction of XML External Entity Reference

When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur...

Xxe

Electronic Delivery Check System Doboku Ver.18.1.0 and earlier, Electronic Delivery Check System Dentsu Ver.12.1.0 and earlier, Electronic Delivery Check System Kikai Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML...

CVE-2024-21796

Electronic Deliverables Creation Support Tool Construction Edition prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool Design & Survey Edition prior to Ver1.0.4 improperly restrict XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on t...

PYSEC-2023-296

An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...

CVE-2023-3959

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While processing XML elements from incoming network requests, the product does not sufficiently...

MGASA-2023-0279 Updated libxml2 packages fix a security vulnerability

The updated packages fix a security vulnerability: Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. CVE-2023-39615...