225 matches found
CVE-2022-39954
An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5,...
SUSE CVE-2003-1564
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs...
SUSE CVE-2008-4226
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document...
SUSE CVE-2009-1232
Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected...
SUSE CVE-2015-3227
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth...
Moderate: Red Hat Security Advisory: expat security update
An update for expat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
XML External Entity (XXE) Injection
aXMLRPC is vulnerable to XML external entity attacks. The vulnerability exists because the library does not properly validate the XML documents submitted by the users via the parse function of ResponseParser.java, allowing an attacker to inject malicious XML documents to perform requests on behal...
Fedora 36 : libxml2 / xmlsec1 (2022-aeafd24818)
The remote Fedora 36 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-aeafd24818 advisory. Update to 2.10.3 Fix CVE-2022-40303 Fix CVE-2022-40304 Tenable has extracted the preceding description block directly from the Fedora security...
Integer overflow
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...
Important: Red Hat Security Advisory: expat security update
An update for expat is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Hancom Office security vulnerability
Hancom Office is a mobile office program from the Korean company Hancom. The program supports viewing and editing documents in multiple formats. A security vulnerability exists in Hancom Office 2020, which originates from a buffer overflow in Hword when parsing XML-based office documents...
CVE-2022-28131 Stack exhaustion from deeply nested XML documents in encoding/xml
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5512-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5512-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...
Oracle Linux 9 : thunderbird (ELSA-2022-5482)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-5482 advisory. 91.11.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires...
Updated firefox packages fix security vulnerability
If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution (CVE-2022-2200). An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing...
Mozilla Thunderbird < 91.11
The version of Thunderbird installed on the remote Windows host is prior to 91.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-26 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showe...
Denial Of Service (DoS)
firefox is vulnerable to denial of service. The vulnerability exists during navigation between XML documents, causing a use-after-free which then leads to an application crash...
Apache OpenMeetings does not correctly validate uploaded XML documents
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. The issue is fixed in version 3.3.0...
Nokogiri vulnerable to DoS while parsing XML documents
The Nokogiri gem is vulnerable to a denial of service via an infinite loop when parsing XML documents...