19641 matches found
CVE-2023-30951
The Foundry Magritte plugin rest-source was found to be vulnerable to an XML External Entity (XXE) attack...
Oracle Linux 9 : libxml2 (ELSA-2023-4349)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-4349 advisory. - Fix CVE-2023-28484 2186694. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...
GHSA-XQCQ-J8W9-3PXV Jettison parser crash by stackoverflow
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...
CVE-2023-38750
In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed...
CVE-2023-38750
CVE-2023-38750 affects Zimbra Collaboration (ZCS) versions 8.x up to 8.8.15 Patch 41, 9.x up to 9.0.0 Patch 34, and 10.x up to 10.0.2, where internal JSP/XML files can be exposed (information disclosure). The vulnerability is linked to exposure of internal JSP and XML files and has been described...
CVE-2022-4909
Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. Chromium security severity: Low...
CVE-2022-4909
CVE-2022-4909 describes an inappropriate XML implementation in Google Chrome/Chromium that could allow a remote attacker to bypass ASLR via a crafted HTML page. The vulnerability is reported as affecting Chrome/Chromium versions prior to 107.0.5304.62 (NVD entry cites 107.0.5304.62; Fedora adviso...
XML External Entity (XXE) vulnerability in the XML data handler
TL;DR: This vulnerability only affects Kirby sites that use the Xml data handler (e.g. Data::decode($string, 'xml')) or the Xml::parse method in site or plugin code. The Kirby core does not use any of the affected methods. If you use an affected method and cannot rule out XML input controlled by an...
Zimbra issues awaited patch for actively exploited vulnerability
Two weeks ago, we urged readers to apply a workaround for an actively exploited vulnerability in Zimbra Collaboration Suite (ZCS) email servers. Zimbra has released ZCS 10.0.2 that fixes two security issues, including the known bug that could lead to exposure of internal JSP and XML files. Zimbra i...
Zimbra Collaboration Server 8.x < 8.8.15 Patch 41 Multiple Vulnerabilities
According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities including: - A cross-site scripting (XSS) vulnerability in the Zimbra Classic Web Client. CVE-2023-37580 - A bug that could lead to exposure of internal JSP and XML files. CVE-2023-387...
CVE-2023-38490
Kirby CMS contains an XXE vulnerability (CVE-2023-38490) that affects older releases (pre-3.5.8.3, pre-3.6.6.3, pre-3.7.5.2, pre-3.8.4.1, pre-3.9.6) when sites or plugins use the Xml data handler (e.g., Data::decode($string, 'xml')) or Xml::parse(). The core does not use these methods, but site/p...
CVE-2023-38490 Kirby XML External Entity (XXE) vulnerability in the XML data handler
Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the Xml data handler (e.g. Data::decode($string, 'xml')) or the Xml::parse method in site or plugin code. The Kirby core does not use any of the...
CVE-2023-32639
Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...
XXE
Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...