19641 matches found
Denial Of Service (DoS)
rexml is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient parsing of XML documents containing many occurrences of certain specific characters, which can result in slow parsing times...
CVE-2024-39126
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents...
CVE-2024-39126
CVE-2024-39126: The vulnerability affects Roundup prior to 2.4.0, enabling cross-site scripting through JavaScript in PDF, XML, and SVG documents. The description and connected records confirm the issue, but do not provide exploitation details, affected vendor-specific patch versions, or concret...
REXML denial of service vulnerability
Impact The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML document that contains many occurrences of certain specific characters. If you need to parse untrusted XML, you may be affected by these vulnerabilities. Patches The REXML gem 3.3.2 or later includes the patches to fix these vulnerabilities...
CVE-2024-39908
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML document that contains many occurrences of certain specific characters. If you need to parse untrusted XML, you may be affected by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix...
[SECURITY] Fedora 40 Update: qt6-qtbase-6.7.2-3.fc40
Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...
Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-22354
Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...
Ubuntu: Security Advisory (USN-6305-3)
The remote host is missing the update announced in USN-6305-3...
USN-6305-3: PHP regression
USN-6305-2 fixed a vulnerability in PHP. The update caused a regression in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update fixes it. Original advisory details: It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1868)
The remote host is missing the expat update announced in Huawei EulerOS advisory EulerOS-SA-2024-1868...
Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce
🚨 CVE-2024-34102 Exploit Script 🚨 Description This script...
CVE-2024-38374 Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the...
Security Bulletin: Security vulnerabilities have been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool.
Summary There are security vulnerabilities in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are...
CVE-2024-28982
CVE-2024-28982 affects Hitachi Vantara Pentaho Business Analytics Server. Versions before 10.1.0.0 and 9.3.0.7, including 8.3.x, do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference. Affected software: Hitachi Vantara Pentaho BI Serve...
Cross-site Scripting (XSS)
org.dspace:dspace-server-webapp is vulnerable to Cross-site Scripting (XSS). The vulnerability is caused by improper handling of download behavior for HTML, XML, or JavaScript Bitstreams, allowing embedded JavaScript to execute in the user's browser, which could lead to XSS attacks...
CVE-2024-34580
CVE-2024-34580 affects Apache XML Security for C++ up to version 2.0.4. The vulnerability is an SSRF weakness in the KeyInfo element of the XML Digital Signature (XMLDsig) processing, allowing an SSRF payload to be processed via the signature mechanism. The CVSSv3.1 metrics indicate a Local attac...
CVE-2024-38364 DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
DSpace open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execu...
GHSA-V2XM-76PQ-PHCF ClassGraph XML External Entity Reference
ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE) attacks...
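The cyclonedx-core-java, Pentaho and ClassGraph entries above are all cases of an XML parser resolving entities on untrusted input, and the REXML entries are about parsing cost on hostile documents. The following Python block is an added illustration of the standard defensive pattern for untrusted XML; it is not code from any of the projects listed on this page. It refuses any DTD before a parser sees the bytes (which removes external entities, parameter entities and internal entity expansion in one stroke), bounds document size and nesting depth, and only then reads the CycloneDX schema version from the root element's namespace rather than from an XPath over raw input. The `MAX_BYTES` and `MAX_DEPTH` limits, the `ingest_bom` helper and all sample documents are constructed for this example; the namespace pattern follows the published `http://cyclonedx.org/schema/bom/<major.minor>` form.

```python
"""Hardened ingestion of an untrusted XML document (added example, not project code).

Rejects the DTD up front, caps size and nesting depth, then reads the
CycloneDX schema version from the root element's namespace.
"""
import io
import re
import xml.etree.ElementTree as ET

# Assumed limits for this example: values a BOM-ingesting service might choose.
MAX_BYTES = 5 * 1024 * 1024   # hypothetical upload cap
MAX_DEPTH = 64                # hypothetical nesting bound

# Every XXE and entity-expansion payload needs a DOCTYPE (with ENTITY
# declarations inside it), so refusing these markers anywhere in the bytes is
# a conservative gate: a DOCTYPE hidden inside a comment is rejected too.
_DTD_MARKERS = re.compile(rb"<!(?:DOCTYPE|ENTITY)", re.IGNORECASE)

# CycloneDX XML namespaces follow http://cyclonedx.org/schema/bom/<major.minor>.
_BOM_NS = re.compile(r"^\{http://cyclonedx\.org/schema/bom/(\d+\.\d+)\}bom$")


class UnsafeXML(ValueError):
    """Raised when the document violates one of the hardening rules."""


def check_untrusted_xml(data: bytes) -> None:
    """Cheap pre-parse checks that run before any XML parser sees the bytes."""
    if len(data) > MAX_BYTES:
        raise UnsafeXML(f"document exceeds {MAX_BYTES} bytes")
    hit = _DTD_MARKERS.search(data)
    if hit:
        raise UnsafeXML(f"DTD or entity declaration at byte {hit.start()} is not allowed")


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse incrementally, aborting as soon as nesting exceeds MAX_DEPTH."""
    check_untrusted_xml(data)
    depth = 0
    root = None
    for event, elem in ET.iterparse(io.BytesIO(data), events=("start", "end")):
        if event == "start":
            depth += 1
            if depth > MAX_DEPTH:
                raise UnsafeXML(f"nesting deeper than {MAX_DEPTH} levels")
            if root is None:
                root = elem
        else:
            depth -= 1
    if root is None:
        raise UnsafeXML("empty document")
    return root


def bom_schema_version(root: ET.Element) -> str:
    """Schema version taken from the root namespace of an already-validated tree."""
    m = _BOM_NS.match(root.tag)
    if not m:
        raise UnsafeXML(f"root element {root.tag!r} is not a CycloneDX bom")
    return m.group(1)


def ingest_bom(data: bytes) -> str:
    """Single entry point: returns an 'accepted: ...' or 'rejected: ...' verdict."""
    try:
        return "accepted: bom schema " + bom_schema_version(parse_untrusted_xml(data))
    except UnsafeXML as exc:
        return "rejected: " + str(exc)
    except ET.ParseError as exc:
        return "rejected: malformed XML: " + str(exc)


# Constructed sample inputs (not real SBOMs or real exploit payloads).
GOOD_BOM = b"""<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.5" version="1">
  <components>
    <component type="library"><name>rexml</name><version>3.3.2</version></component>
  </components>
</bom>"""

XXE_BOM = b"""<?xml version="1.0"?>
<!DOCTYPE bom [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<bom xmlns="http://cyclonedx.org/schema/bom/1.5" version="1"><components>&xxe;</components></bom>"""

BILLION_LAUGHS = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<bom xmlns="http://cyclonedx.org/schema/bom/1.5">&lol3;</bom>"""

DEEP_NESTING = (b'<bom xmlns="http://cyclonedx.org/schema/bom/1.5">'
                + b"<x>" * 200 + b"</x>" * 200 + b"</bom>")

if __name__ == "__main__":
    for name, doc in [("good", GOOD_BOM), ("xxe", XXE_BOM),
                      ("laughs", BILLION_LAUGHS), ("deep", DEEP_NESTING)]:
        print(f"{name:7} -> {ingest_bom(doc)}")
```

Rejecting the DOCTYPE outright is stricter than disabling individual parser features, but it is the one setting that is equivalent across libraries: a document with no DTD cannot declare an entity, so neither an external-entity fetch nor an expansion bomb is possible regardless of which parser later reads it. The byte and depth caps are the cheap counterpart for the REXML-style slowdowns, where the input is well-formed but expensive.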