CVE-2018-2477
Knowledge Management XMLForms in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source...
Dom4j contains a XML Injection vulnerability
dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in class Element, methods addElement and addAttribute, that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or...
CVE-2018-14647
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...
Moderate severity vulnerability that affects activesupport
Withdrawn, accidental duplicate publish. The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth...
CVE-2018-2462
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31, 7.40, 7.41, 7.50 does not sufficiently validate an XML document accepted from an untrusted source...
GHSA-FR52-4HQW-P27F Nokogiri does not forbid namespace nodes in XPointer ranges
xpointer.c in libxml2 before 2.9.5, as used in nokogiri before 1.7.1 amongst other products, does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document...
Nokogiri does not forbid namespace nodes in XPointer ranges
xpointer.c in libxml2 before 2.9.5, as used in nokogiri before 1.7.1 amongst other products, does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document...
Red Hat JBoss Core Services libxml2 Denial of Service Vulnerability
Red Hat JBoss Core Services is a set of middleware tools provided by Red Hat, Inc. of the United States. libxml2 is a C library developed by the GNOME project for parsing XML documents; it supports a variety of encodings, XPath parsing,...
Input validation
dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in class Element, methods addElement and addAttribute, that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or...
CVE-2016-9596
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627...
Out-of-bounds
libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483...
Design/Logic Flaw
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627...
CVE-2016-9598
libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483...
CVE-2016-9598
CVE-2016-9598 affects libxml2 as used in Red Hat JBoss Core Services. The vulnerability is a denial-of-service due to an out-of-bounds read in libxml2 triggered by a specially crafted XML document, which can crash the application. Note that this issue exists because of a missing fix for CVE-2016-...
XML External Entities (XXE)
libxml2 is vulnerable to XML external entity attacks. The xmlParserHandlePEReference function in parser.c allows external parameter entities to be loaded regardless of whether entity substitution or validation is enabled. This allows an attacker to cause a denial of service condition or an...
Apache CXF Denial of Service Vulnerability (CNVD-2018-12677)
Apache CXF is an open source service framework. CXF uses front-end programming APIs such as JAX-WS and JAX-RS to help you build and develop services. A denial of service vulnerability exists in Apache CXF due to an Apache CXF Fediz XML DTD handling flaw that can be exploited by an attacker to...
Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Flex System Manager (FSM)
Summary: There are multiple vulnerabilities in libxml2, which is embedded in FSM. This bulletin addresses these vulnerabilities. Vulnerability Details: CVEID: CVE-2016-4658 DESCRIPTION: The libxml2 library, as used in multiple products, could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: IBM Prospect is affected by Expat XML Parser vulnerability (CVE-2013-0340)
Summary: Prospect Core 8.0.7 Server is impacted by a denial of service vulnerability in Expat caused by the improper handling of internal entity expansion. Vulnerability Details: CVEID: CVE-2013-0340 DESCRIPTION: Expat is vulnerable to a denial of service, caused by the improper handling of interna...