Use After Free
PHP is vulnerable to a use-after-free vulnerability. The vulnerability exists in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP. Remote attackers could cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset...
Out-Of-Bounds Read
PHP is vulnerable to out-of-bounds read attacks. The vulnerability exists in the php_wddx_push_element function in ext/wddx/wddx.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...
Use-After-Free
libxml2 is vulnerable to a use-after-free vulnerability. This occurs in the xmlSAX2AttributeNs function in libxml2, which allows remote attackers to cause a denial of service via a crafted XML document that may lead to an application crash...
XXE
The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious OAuth application linked...
openSUSE Security Update : libreoffice (openSUSE-2019-642)
This update for libreoffice to 6.0.5.2 fixes the following issues: Security issues fixed: - CVE-2018-10583: An information disclosure vulnerability occurs during automatic processing and initiating an SMB connection embedded in a malicious file, as demonstrated by...
The vulnerability of the QXMLStreamReader function in the QXmlStream component of the cross-platform software development framework for Qt allows a perpetrator to cause a system failure or gain unauthorized access to information.
The vulnerability of the QXMLStreamReader function in the QXmlStream component of the cross-platform software development framework for Qt is related to double memory deallocation. Exploiting this vulnerability can allow an attacker to cause service failures or gain unauthorized access to...
MailEnable Cross-Site Scripting Vulnerability
MailEnable is a suite of POP3 and SMTP mail servers from MailEnable Australia. A cross-site scripting vulnerability exists in the mail settings in MailEnable versions prior to 8.60. The vulnerability can be exploited by an attacker to read local files or scan the internal network by sending the...
Design/Logic Flaw
MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter...
CVE-2015-9280
MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter...
XML Entity Expansion (XEE)
Ruby is vulnerable to XML Entity Expansion (XEE) attacks. The vulnerability exists as the REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Enti...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service. An attacker is able to crash the application via a malicious XML document containing malformed XPath expressions...
Denial Of Service (DoS)
gnome-vfs2 is vulnerable to denial of service (DoS) attacks. The vulnerability exists as neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted...
Microsoft XmlDocument Class Privilege Vulnerability
Microsoft Windows 10, etc. are a series of operating systems released by Microsoft Corporation in the U.S. The XmlDocument class is one of the classes used to load XML into the document object model. An elevation vulnerability exists in the Microsoft XmlDocument class that can be exploited by a...
Debian: Security Advisory (DLA-1627-1)
The remote host is missing an update for the Debian...
CVE-2018-15518
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document...
XML External Entity (XXE)
c3p0 is vulnerable to XML external entity (XXE) attacks. The external entity expansion is not disabled in the XML parser, which would allow a remote attacker to perform XXE attacks via a crafted XML document. This CVE is also known as CVE-2019-5427...
CVE-2018-1000840
Processing Foundation Processing version 3.4 and earlier contains an XML External Entity (XXE) vulnerability in the loadXML function that can result in an attacker reading arbitrary files and exfiltrating their contents via HTTP requests. This attack appears to be exploitable via: the victim must use...
XXE
Processing Foundation Processing version 3.4 and earlier contains an XML External Entity (XXE) vulnerability in the loadXML function that can result in an attacker reading arbitrary files and exfiltrating their contents via HTTP requests. This attack appears to be exploitable via: the victim must use...