CVE-2021-39239
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server...
UBUNTU-CVE-2021-39239
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server...
CVE-2021-39239
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server...
Xxe
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server...
CVE-2021-39239
CVE-2021-39239 affects Apache Jena’s XML processing (versions up to 4.1.0) and allows XML External Entity (XXE) attacks in which a remote attacker can read local files. Connected IBM advisories confirm multiple IBM products (e.g., DOORS Next, Jazz Reporting Service, Integration Bus) include this...
CVE-2021-39239 XML External Entity (XXE) vulnerability
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server...
CVE-2021-39239
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server...
PT-2021-7822 · Xmill · Xmill
Name of the Vulnerable Software and Affected Versions: Xmill version 0.7. Description: A stack-based buffer overflow issue exists in the command-line-parsing HandleFileArg functionality. The filepattern argument, which is under user control, is passed to strcpy without length checks, leading to a...
CVE-2021-32796
A flaw was found in nodejs-xmldom. The xmldom library is an open-source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Xmldom does not correctly escape special characters when serializing elements removed from their ancestor. This flaw may lead to...
CVE-2021-32796
xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...
CVE-2021-32796 Misinterpretation of malicious XML input in xmldom
xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...
CVE-2021-32796
CVE-2021-32796 affects the xmldom library where versions
CVE-2021-32796
xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...
GHSA-4HQ8-GMXX-H6W9 XML Processing error in github.com/crewjam/saml
Impact: There are three vulnerabilities in the Go encoding/xml package that can allow an attacker to forge part of a signed XML document. For details on this vulnerability see xml-roundtrip-validator. Patches: In version 0.4.3, all XML input is validated prior to being parsed...
XML Processing error in github.com/crewjam/saml
Impact: There are three vulnerabilities in the Go encoding/xml package that can allow an attacker to forge part of a signed XML document. For details on this vulnerability see xml-roundtrip-validator. Patches: In version 0.4.3, all XML input is validated prior to being parsed...
Security Bulletin: Vulnerabilities in XML processing affect IBM DataPower Gateways
Summary: IBM DataPower Gateways has addressed vulnerabilities in processing certain XML files that could cause a denial of service. Vulnerability Details: CVEID: CVE-2015-5312. DESCRIPTION: An unspecified error in Libxml2 related to an entity expansion flaw has an unknown impact and attack vector...
CVE-2019-4730
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533...
Design/Logic Flaw
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
Pixar ruby-jss security vulnerability
ruby-jss is a Ruby framework for interacting with the JAMF Software Server (JSS) REST API. Pixar ruby-jss versions prior to 1.6.0 contain a security vulnerability that stems from the documented behavior of loading data with Marshal during XML document processing and can be exploited by a remote attacker to execut...
XStream Remote Code Execution Vulnerability (CNVD-2021-49071)
XStream is a Java class library mainly used to serialize Java objects into XML and to deserialize XML back into objects; the object types it can handle are almost unlimited. A remote code execution vulnerability exists in XStream versions 1.4.16 and earlier. The vulnerability stems from the fact tha...