953 matches found
Design/Logic Flaw
Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem...
CVE-2021-46163
Kentico Xperience 13.0.44 is affected by a cross-site scripting (XSS) vulnerability in the Media Libraries subsystem. The root cause is that the media subsystem does not validate input data, allowing crafted XML documents to inject script executed on the client. Impact is client-side code executi...
CVE-2021-46163
Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem...
CVE-2021-46163
Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem...
Jenkins Report Info XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Jenkins Report Info. Authentication is required to exploit this vulnerability. The specific flaw exists within the PMD class. Due to the improper restriction of XML External Entity XXE...
The vulnerability in the parser.c component of the Libxml2 library, related to pointer dereferencing errors, allows attackers to trigger a denial-of-service attack.
The vulnerability of the parser.c component in the Libxml2 library is related to the lack of error handling during the analysis of XML content. Exploiting this vulnerability allows a malicious actor to cause service failures by using a specially created XML document...
CVE-2021-20838
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity XXE attack to cause a denial of service DoS condition by processing a specially crafted XML document...
Remote Code Execution (RCE)
ruby-jss is vulnerable to remote code execution. The vulnerability exists due to the lack of validation which allows an attacker to execute scripts on the Plist when using Marshal.load during XML document processing...
GHSA-VMFH-C547-V45H Remote code execution in ruby-jss
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
Remote code execution in ruby-jss
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
Remote code execution in ruby-jss
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system...
GHSA-4HQ8-GMXX-H6W9 XML Processing error in github.com/crewjam/saml
Impact There are three vulnerabilities in the go encoding/xml package that can allow an attacker to forge part of a signed XML document. For details on this vulnerability see xml-roundtrip-validator Patches In version 0.4.3, all XML input is validated prior to being parsed...
SUSE: Security Advisory (SUSE-SU-2018:3683-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-33879
Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only...
Design/Logic Flaw
Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only...
CVE-2021-33879
Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only...
CVE-2021-33575
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
CVE-2021-33575
The CVE affects the Pixar ruby-jss gem prior to 1.6.0. Affected component is ruby-jss which processes XML via the Plist gem, whose documented behavior uses Marshal.load, enabling remote code execution. Reported by multiple sources (Red Hat, OSV, NVD, Snyk, RubyGems advisories). Impact is rated hi...
CVE-2021-33575
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...