225 matches found
Important: expat security update
Expat is a C library for parsing XML documents. Security Fixes: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 expat: Namespace-separator characters in "xmlns:prefix" attribute values can lead to arbitrary code execution CVE-2022-25236 expat:...
Kentico Cross-Site Scripting Vulnerability (CNVD-2022-03949)
A cross-site scripting vulnerability exists in Kentico Xperience, an ASP.NET-based content management system (CMS) from Kentico U.S. The vulnerability stems from the product's media subsystem failing to validate input data. An attacker could cause client-side code execution via XML...
Kentico Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Kentico Xperience, an ASP.NET-based content management system (CMS) from Kentico U.S. The vulnerability stems from the product's media subsystem failing to validate input data. An attacker could cause client-side code execution via XML...
Easy-XML XML External Entity Injection Vulnerability
Easy-XML is used to provide a simplified view of XML documents. Easy-XML is vulnerable to XML external entity injection, which stems from configuration errors during the operation of a network system or product, and can be exploited by an unauthorized attacker to obtain sensitive informati...
Fedora: Security Advisory for jdom2 (FEDORA-2021-3cb0d02576)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CVE-2021-28095
OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32...
Design/Logic Flaw
OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32...
DEBIAN-CVE-2021-32796
xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...
Code injection
redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laughs Attack" by replying to XMLRPC methods when getting the status of a host...
SAP Process Integration Privilege Permission and Access Control Issues Vulnerability (CNVD-2021-36675)
SAP Process Integration is middleware provided by SAP Germany that enables SAP to integrate seamlessly with non-SAP applications inside the company or with systems external to the company. A privilege, permission and access control vulnerability exists in SAP Process Integration versions 7.10,...
yWorks yEd XXE Vulnerability
yWorks yEd is a graphical editor desktop application. An XXE vulnerability exists in versions prior to yWorks yEd 3.20.1. The vulnerability can be exploited by an attacker to conduct XXE attacks via XML or GraphML documents...
ReportLab: Arbitrary code execution
Background: ReportLab is an Open Source Python library for generating PDFs and graphics. Description: ReportLab was found to be mishandling XML documents and may evaluate the contents without checking for their safety. Impact: A remote attacker could possibly execute arbitrary code with the privileg...
GLSA-202007-35 : ReportLab: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-202007-35 ReportLab: Arbitrary code execution ReportLab was found to be mishandling XML documents and may evaluate the contents without checking for their safety. Impact : A remote attacker could possibly execute arbitrary code wi...
Moderate: Red Hat Security Advisory: expat security update
An update for expat is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
Google Chrome Information Disclosure Vulnerability (CNVD-2020-14821)
Google Chrome is a web browser from Google, an American company. An information disclosure vulnerability exists in Google Chrome versions prior to 3.0, which stems from the program's failure to properly process XML documents. A remote attacker could exploit the vulnerability to obtain sensitive...
Ubuntu: Security Advisory (USN-4273-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2020-6856
An XML External Entity (XXE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 that allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders...
CVE-2010-3917
Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site...
Code injection
Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site...
CVE-2010-3917
Removed by vendor...