Lucene search
89 matches found

OSV
added 2026/06/11 1:5 p.m. | 5 views

GHSA-Q8R6-5HFW-5JFF guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator

Impact guzzlehttp/guzzle-services does not safely serialize scalar XML element values containing the CDATA terminator . The XML request serializer writes values containing , or & with XMLWriter::writeCData$value. If attacker-controlled input contains , the CDATA section closes early and the...

CVSS 5.8 | AI score 5.4 | EPSS 0.00219
Exploits: 0 | References: 3

VulnCheck KEV
added 2026/01/14 12:0 a.m. | 23 views

VulnCheck KEV: CVE-2017-17762

XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx...

CVSS 7.5 | AI score 5.9 | EPSS 0.04648
In wild | Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-12729

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.0223
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2014-0395

Malware in sbrugna...

CVSS 5 | AI score 6.3 | EPSS 0.01833
Exploits: 2 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-0106

Malware in sbrugna...

CVSS 9 | AI score 8.9 | EPSS 0.02133
Exploits: 0 | References: 12

EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2015-9122

Malware in sbrugna...

CVSS 10 | AI score 8.7 | EPSS 0.01817
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-8913

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.04648
Exploits: 1 | References: 4

Snyk
added 2025/09/10 11:49 a.m. | 3 views

Malicious Package

Overview: xml-request-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2025/09/10 11:49 a.m. | 3 views

Malicious code in xml-request-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21f1d42d43604327ee124527dd04dcb37f13b0d2c46a4f2dc3e3764c7b2000bb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

OSV
added 2025/09/10 11:49 a.m. | 3 views

MAL-2025-47024 Malicious code in xml-request-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21f1d42d43604327ee124527dd04dcb37f13b0d2c46a4f2dc3e3764c7b2000bb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:2 a.m. | 4 views

CVE-2024-20357

A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by...

CVSS 5.9 | AI score 7.1 | EPSS 0.00494
Exploits: 0 | References: 1

NVD
added 2024/05/01 5:15 p.m. | 16 views

CVE-2024-20357

A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by...

CVSS 5.9 | AI score 5.8 | EPSS 0.00494
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/15 4:54 a.m. | 4 views

SUSE CVE-2016-10149

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

CVSS 7.5 | AI score 7 | EPSS 0.0386
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 4:47 a.m. | 3 views

SUSE CVE-2017-7756

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

CVSS 7.3 | AI score 8.7 | EPSS 0.02665
Exploits: 0 | References: 10

RedHat Linux
added 2022/12/08 1:21 p.m. | 5 views

httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write...

CVSS 9.1 | AI score 7.2 | EPSS 0.41861
Exploits: 0 | References: 5

Source Incite
added 2022/08/03 12:0 a.m. | 165 views

SRC-2022-0022 : VMWare Cloud Foundation NSX-V VsmUsernamePasswordAuthenticationFilter parseUsernamePasswordFromXML XML External Entity Processing Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMWare Cloud Foundation NSX-V. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VsmUsernamePasswordAuthenticationFilter...

CVSS 9.1 | AI score 9.1 | EPSS 0.08085
Exploits: 1

OSV
added 2022/03/24 3:39 p.m. | 5 views

CLSA-2022-1648136371 Fix of CVE: CVE-2022-22721, CVE-2022-23943, CVE-2022-22719, CVE-2022-22720

CVE-2022-22719: mod_lua: error out if lua_read_body or lua_write_body fail - CVE-2022-22720: simpler connection close logic if discarding the request body fails - CVE-2022-22721: make sure and check that LimitXMLRequestBody fits in system memory - CVE-2022-23943: mod_sed: use size_t to allow for larger...

CVSS 9.8 | AI score 7.4 | EPSS 0.69803
Exploits: 0 | References: 1

OSV
added 2022/03/24 3:38 p.m. | 4 views

CLSA-2022-1648136327 Fix CVE(s): CVE-2022-23943, CVE-2022-22720, CVE-2022-22721, CVE-2022-22719

SECURITY UPDATE: mod_lua Use of uninitialized value of in r:parsebody - debian/patches/CVE-2022-22719.patch: refactor lua_read_body in order to catch all possible errors - CVE-2022-22719 SECURITY UPDATE: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier -...

CVSS 9.8 | AI score 7.5 | EPSS 0.69803
Exploits: 0 | References: 1

OSV
added 2022/03/17 7:10 p.m. | 5 views

USN-5333-2 apache2 vulnerabilities

USN-5333-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Chamal De Silva discovered that the Apache HTTP Server mod_lua module incorrectly handled certain crafted request bodies. A remote...

CVSS 9.8 | AI score 7.3 | EPSS 0.69803
Exploits: 0 | References: 5

OSV
added 2022/03/17 11:31 a.m. | 4 views

USN-5333-1 apache2 vulnerabilities

Chamal De Silva discovered that the Apache HTTP Server mod_lua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. CVE-2022-22719 James Kettle discovered that the Apache HTTP Serv...

CVSS 9.8 | AI score 7.4 | EPSS 0.69803
Exploits: 0 | References: 5