Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper ent
A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that ref
A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same down
A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of serv
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the
A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An atta
A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input fi
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted D
A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes a segmentation fault, poten
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by settin
The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft
Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
Rejected reason: This CVE was assigned for a libxml2 issue#1012 but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012#note_2608283
An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead t
Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of
A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.
A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation lea
An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a
Page 1+ Next →