953 matches found
CVE-2023-34411
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service panic via an invalid ! token such as !DOCTYPEs/%!A nesting in an XML document. The earliest affected version is 0.8.9...
CVE-2023-30353
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via an XML document...
Remote code execution
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via an XML document...
PT-2023-22649 · Tenda · Tenda Ip Camera Cp3
Name of the Vulnerable Software and Affected Versions: Shenzen Tenda Technology IP Camera CP3 version 11.10.00.2211041355 Description: The issue allows unauthenticated remote code execution via an XML document. Recommendations: For version 11.10.00.2211041355, at the moment, there is no informati...
CVE-2023-30353
Affected product: Shenzen Tenda Technology IP Camera CP3, version V11.10.00.2211041355. Vulnerability: unauthenticated remote code execution via an XML document. CVSSv3.1: 9.8 (CRITICAL), AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Root cause and precise exploit details are not provided in the documents...
Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2023-163)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-163 advisory. A NULL pointer dereference exists when parsing invalid XML schemas in libxml2 xmlSchemaCheckCOSSTDerivedOK (CVE-2023-28484). libxml2: Hashing of empty dict strings isn't deterministic. When hashing...
Amazon Linux 2 : libxml2 (ALAS-2023-2021)
The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2021 advisory. A NULL pointer dereference exists when parsing invalid XML schemas in libxml2 xmlSchemaCheckCOSSTDerivedOK CVE-2023-28484...
Debian dla-3405 : libxml2 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3405 advisory. Debian LTS Advisory DLA-3405-1...
SUSE SLES12 Security Update : libxml2 (SUSE-SU-2023:2054-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2054-1 advisory. - In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a...
Input validation
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...
CVE-2023-26057
The CVE-2023-26057 entry describes an XXE flaw in Nokia NetAct before 22 FP2211, exploitable via an XML document to the Configuration Dashboard page. Root cause: missing input validation and a misconfigured XML parser, potentially allowing access to sensitive data or SSRF when parsing XML. Impact...
Security Bulletin: Vulnerabilities in Libxml2 affect System x Integrated Management Module (IMM) (CVE-2014-0191, CVE-2014-3660)
Summary: Security vulnerabilities have been discovered in libxml2 which affect System x Integrated Management Module (IMM). Vulnerability Details: CVE-ID:...
SUSE CVE-2023-29469
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...
CVE-2023-29469
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...
NewStart CGSL CORE 5.05 / MAIN 5.05 : libxml2 Vulnerability (NS-SA-2023-0008)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libxml2 packages installed that are affected by a vulnerability: - xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products does not forb...
Medium: libxml2
Issue Overview: valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. (CVE-2022-23308) A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the xmlBuffer types. A substantial input causes values to calculate buffer sizes to overflow,...
XML External Entity (XXE)
owslib is vulnerable to XML External Entity (XXE). The vulnerability is due to allowing lxml entity resolution, which allows an attacker to read arbitrary files by parsing a crafted XML document...
K43314223: libxml2 vulnerability CVE-2016-1835
Security Advisory Description: Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document. (CVE-2016-1835) Impact: Allows an attacke...