SUSE CVE-2022-23476
Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri 1.13.8 and 1.13.9 fail to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Reader#attribute_hash. This can lead to a null pointer exception when invalid markup is being parsed. Fo...
Unchecked Return Value
Overview: nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Unchecked Return Value due to failing to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Reader#attribute_hash. Exploiting this vulnerability can lead ...
UBUNTU-CVE-2022-23476
Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri 1.13.8 and 1.13.9 fail to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Reader#attribute_hash. This can lead to a null pointer exception when invalid markup is being parsed. Fo...
GHSA-QV4Q-MR5R-QPRJ Unchecked return value from xmlTextReaderExpand
Summary: Nokogiri 1.13.8, 1.13.9 fails to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Reader#attribute_hash. This can lead to a null pointer exception when invalid markup is being parsed. For applications using XML::Reader to parse untrusted inputs, this may...
Unchecked return value from xmlTextReaderExpand
Summary: Nokogiri 1.13.8, 1.13.9 fails to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Reader#attribute_hash. This can lead to a null pointer exception when invalid markup is being parsed. For applications using XML::Reader to parse untrusted inputs, this may...
CVE-2022-23476 Unchecked return value from xmlTextReaderExpand in Nokogiri
Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri 1.13.8 and 1.13.9 fail to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Reader#attribute_hash. This can lead to a null pointer exception when invalid markup is being parsed. Fo...
Nokogiri Security Vulnerability
Nokogiri is an open source software library for parsing HTML and XML in Ruby. A security vulnerability exists in Nokogiri versions 1.13.8 and 1.13.9, which stems from a null pointer exception when parsing invalid markup due to a failure to check the return value of xmlTextReaderExpand in its...
GHSA-XFHG-9PJG-XG7G VTK NULL pointer dereference vulnerability
There is a NULL pointer dereference vulnerability in VTK, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of the libxml2 API 'xmlDocGetRootElement', and tries to dereference it. This is unsafe, as the return value can be NULL and that NULL pointer dereference may...
CVE-2018-1000825
FreeCol version <= nightly-2018-08-22 contains an XML External Entity (XXE) vulnerability in the FreeColXMLReader parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via Freecol file...
UBUNTU-CVE-2018-1000825
FreeCol version <= nightly-2018-08-22 contains an XML External Entity (XXE) vulnerability in the FreeColXMLReader parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via Freecol file...
PT-2018-9549 · Freecol
Name of the Vulnerable Software and Affected Versions: FreeCol versions prior to nightly-2018-08-23. Description: The issue concerns an XML External Entity (XXE) vulnerability in the FreeColXMLReader parser. This can lead to disclosure of confidential data, denial of service, Server-Side Request...
XML External Entity (XXE)
pmml-model is vulnerable to XML external entity attacks. The doctype declaration is not disabled in the XML Reader, which could allow attackers to retrieve confidential data, perform server-side request forgery or cause a denial of service condition...
Unspecified Vulnerability in Apache Sling JCR ContentLoader XmlReader
Apache Sling JCR ContentLoader is an open source web framework for the Java platform from the Apache Software Foundation in the United States. The framework can be used to create content-oriented applications on a JCR (Java Content Repository) content repository. XmlReader is one of the...
WordPress Advanced XML Reader Plugin <= 0.3.4 - External Entity Injection
Because of this vulnerability, attackers can read system files or load the wp-config.php file. Solution: Update the plugin...
UBUNTU-CVE-2015-0252
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data...
Advanced XML Reader 0.3.4 - XML External Entity (XXE) Injection
The advanced-xml-reader WordPress plugin was affected by an XML External Entity (XXE) Injection security vulnerability...
WordPress Plugin: Advanced XML Reader v0.3.4 XXE Vulnerability
The WordPress plugin Advanced XML Reader v0.3.4 published here: http://wordpress.org/extend/plugins/advanced-xml-reader/ is susceptible to XXE (XML eXternal Entity) processing attacks. After installing the plugin on a Windows machine, I created a text file in the root of C: named "test.txt", which...
WordPress Advanced XML Reader 0.3.4 XXE Injection Vulnerability
WordPress Advanced XML Reader plugin version 0.3.4 suffers from an XXE (XML eXternal Entity) injection vulnerability. The WordPress plugin Advanced XML Reader v0.3.4 published here: http://wordpress.org/extend/plugins/advanced-xml-reader/ is susceptible to XXE (XML eXternal Entity) processing attacks...