CVE-2023-44412 D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability

D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw...

CVE-2023-42035

Summary: CVE-2023-42035 affects Visualware MyConnection Server, arising from the doIForward method and improper restriction of XML External Entity (XXE) references. A crafted XML document can cause the parser to retrieve a URI and embed its contents back into the XML, leading to information discl...

CVE-2023-40507 LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability

LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific...

CVE-2023-40507

The provided sources confirm a concrete vulnerability in LG Simple Editor: an XML External Entity (XXE) handling flaw in the copyContent command. A crafted document with a URI causes the XML parser to fetch the URI and embed its contents back into the XML, allowing a remote attacker to disclose i...

CVE-2023-40506 LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability

LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific...

CVE-2023-40506

LG Simple Editor is affected by a XXE-based information disclosure in the copyContent command. The flaw arises from improper restriction of XML External Entity references, allowing a crafted document to cause the XML parser to fetch a URI and embed its contents back into the document (SYSTEM cont...

CVE-2023-40503

CVE-2023-40503 concerns LG Simple Editor. The flaw is in the saveXmlFile method, where improper restriction of XML External Entity (XXE) references allows a crafted document to cause the XML parser to fetch a URI and embed its contents back into the XML, enabling information disclosure in the SYS...

CVE-2023-39472

CVE-2023-39472 — Inductive Automation Ignition is affected through the SimpleXMLReader’s XML External Entity (XXE) handling, where a crafted XML can trigger the parser to fetch a URI and embed its contents, enabling information disclosure in the SYSTEM context. Exploitation requires authenticatio...

CVE-2023-39472 Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability

Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

CVE-2023-39472 Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability

Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

Fedora: Security Advisory for mingw-expat (FEDORA-2024-40b98c9ced)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-afb73e6f62)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for decentxml (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for xerces-j2 (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for fasterxml-oss-parent (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: xerces-j2-2.12.2-10.fc40

Welcome to the future! Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface XNI, a complete framework for building parser components and configurations that is extremely modul...

[SECURITY] Fedora 40 Update: fasterxml-oss-parent-58-2.fc40

FasterXML is the business behind the Woodstox streaming XML parser, Jackson streaming JSON parser, the Aalto non-blocking XML parser, and a growing family of utility libraries and extensions. FasterXML offers consulting services for adoption, performance tuning, and extension. This package contai...

[SECURITY] Fedora 40 Update: decentxml-1.4-35.fc40

XML parser optimized for round-tripping and code reuse with main features being: Allows 100% round-tripping, even for weird white-space between attributes in the start tag or in the end tag Suitable for building editors and filters which want/need to preserve the original file layout as much as...

Amazon Linux 2 : xerces-c (ALAS-2024-2476)

The version of xerces-c installed on the remote host is prior to 3.1.1-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2476 advisory. Apache issued this CVE to indicate the correct versions of xerces-c, which included the fix for CVE-2018-1311. See the older CVE...

AZL-55883 CVE-2024-23807 affecting package xerces-c for versions less than 3.2.4-2

The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...