CVE-2019-9628

HIGH Year: 2019
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-755
View all →

Vulnerability Description

The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.

Related Vulnerabilities

CVE-2011-4625

HIGH
CVSS:7.5(High)

simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.

CWE-7552011

CVE-2012-1109

HIGH
CVSS:7.5(High)

mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions

CWE-7552012

CVE-2015-2688

HIGH
CVSS:7.5(High)

buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of serv...

CWE-7552015

CVE-2016-11026

HIGH
CVSS:7.5(High)

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. BootReceiver allows attackers to trigger a system crash because of incorrect exception handling. The Sa...

CWE-7552016

CVE-2017-13199

HIGH
CVSS:7.5(High)

In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system proces...

CWE-7552017

CVE-2017-14178

HIGH
CVSS:7.5(High)

In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's acces...

CWE-7552017