When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. If a user opens a specially crafted project file, sensitive information on the system where the affected product is installed may be disclosed.Īn issue was discovered in libxml2 before 2.10.4. Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier. Shenzen Tenda Technology IP Camera CP3 V11.041355 allows unauthenticated remote code execution via an XML document. ![]() There are no known workarounds apart from upgrading to a version including the fix. ![]() This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by making sure that data attributes only contain allowed characters. The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid ` are removed in all attribute names.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |