32 matches found
expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...
expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...
expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...
expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...
expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...
expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...
SUSE-SU-2020:2609-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun bsc1161521. - CVE-2020-7595: Fixed an infinite loop in an EOF situation bsc1161517. - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal bsc1176179. - Fixed invali...
DEBIAN-CVE-2020-15562
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns aka XML namespace attribute of a HEAD element when an SVG element exists...
MGASA-2020-0271 Updated libxml2 packages fix security vulnerability
Updated libxml2 packages fix security vulnerability: The fix for CVE-2019-19956 introduced regressions which can cause invalid xmlns references in output and memory leaks, possibly leading to more serious security issues. The broken fix has been reverted...
Google Maps Plugin Cross-Site Scripting Vulnerability in Joomla!
Joomla! Google Maps is a Joomla! module or component that displays Google Maps on one or more content pages. A cross-site scripting vulnerability in the Joomla! Google Maps plugin allows remote attackers to inject arbitrary web script or HTML via xmlns parameters...
CVE-2013-7430
Cross-site scripting XSS vulnerability in the Googlemaps plugin before 3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the xmlns parameter...
OpenJDK: null xmlns handling issue (Security, 8025026)
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not...