Prodigysml

**Name of the Vulnerable Software and Affected Versions** Pydantic versions prior to 2.4.0 Pydantic versions prior to 1.10.13 **Description** The issue is related to the use of regular expressions in the Pydantic library, which can lead to a denial of service when exploited by a remote attacker. This can be achieved via a crafted email string, allowing the attacker to cause a denial of service. **Recommendations** For versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue. For versions prior to 1.10.13, update to version 1.10.13 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Osmand versions prior to 2.1 **Description** The issue allows XXE (XML External Entity) attacks due to a problem in the binary/BinaryMapIndexReader.java file. This could potentially lead to unauthorized access to data. **Recommendations** For Osmand versions prior to 2.1, as a temporary workaround, consider restricting access to the binary/BinaryMapIndexReader.java file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azkaban versions prior to 3.84.1 **Description** The issue allows XXE (XML External Entity) attacks, which is related to the `XmlValidatorManager.java` and `XmlUserManager.java` files in the validator and user directories, respectively. This can potentially lead to unauthorized access to sensitive data. **Recommendations** For versions prior to 3.84.1, update to version 3.84.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `XmlValidatorManager` and `XmlUserManager` classes until a patch is available. Avoid using external XML entities in the affected modules to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mulesoft APIkit versions prior to 1.3.1 **Description** The issue allows XXE (XML External Entity) attacks due to a problem in the validation process, specifically in the RestXmlSchemaValidator.java file. This could potentially affect a large number of devices worldwide, although the exact number is not specified. **Recommendations** For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue. As a temporary workaround, consider disabling the `validation/RestXmlSchemaValidator.java` component until a patch is available. Restrict access to XML schema validation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Accenture Mercury versions prior to 1.12.28 **Description** An XXE issue exists due to the platformlambda/core/serializers/SimpleXmlParser.java component. This issue allows for potential exploitation. **Recommendations** For versions prior to 1.12.28, update to version 1.12.28 or later to resolve the issue. As a temporary workaround, consider restricting access to the SimpleXmlParser.java component until a patch is applied.

Name of the Vulnerable Software and Affected Versions: Quake3e versions prior to 5ed740d Description: The issue affects the component responsible for argument string creation, leading to a buffer overflow. This can result in possible code execution and denial of service. Recommendations: For versions prior to 5ed740d, update to a version that includes the fix for the buffer overflow issue to prevent possible code execution and denial of service.

Name of the Vulnerable Software and Affected Versions: libnmap versions prior to 0.6.3 Description: The issue is related to an XML injection vulnerability, similar to a Billion-Laughs style attack. This vulnerability can lead to a denial of service (DoS) by consuming resources. The component affected is the XML parsing functionality. The attack vector involves a specially crafted XML payload. Recommendations: For versions prior to 0.6.3, update to version 0.6.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the XML parsing component to minimize the risk of exploitation. Avoid using the `NmapParser()` function with untrusted XML inputs until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: uLaunchELF versions prior to commit 170827a Description: The issue is related to a buffer overflow in the loader program, specifically in the loader.c component. This occurs because the loader program overly trusts the arguments provided via the command line. The impact of this issue is possible code execution and denial of service. Recommendations: For versions prior to commit 170827a, update to a version that includes the fix for the buffer overflow issue in the loader program. As a temporary workaround, consider restricting the use of command line arguments to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** autopsy versions prior to 4.9.1 **Description** The issue concerns a XML External Entity (XXE) vulnerability in the CaseMetadata XML Parser. This can lead to disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning. The attack is exploitable via specially crafted CaseMetadata. **Recommendations** For versions prior to 4.9.1, update to version 4.9.1 or later to resolve the issue. As a temporary workaround, consider restricting the parsing of CaseMetadata XML to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** runelite versions prior to 1.4.23 **Description** The issue concerns a XML External Entity (XXE) vulnerability in the Man in the middle runscape services call. This can lead to the disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning. **Recommendations** For versions prior to 1.4.23, update to version 1.4.23 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** KeePassDX versions prior to 2.5.0.0beta18 **Description** The issue concerns a XML External Entity (XXE) vulnerability in the kdbx file parser. This can lead to disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning. **Recommendations** For versions prior to 2.5.0.0beta18, update to a version newer than 2.5.0.0beta17 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SoftwareX versions prior to 5.0.0-RC4 **Description** The issue is related to a XML External Entity (XXE) vulnerability in the XML Parser for the REST Server. This can lead to the disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning. **Recommendations** For versions prior to 5.0.0-RC4, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** bw-calendar-engine versions prior to 3.12.0 **Description** The issue concerns a XML External Entity (XXE) vulnerability in the IscheduleClient XML Parser. This can lead to disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning. The attack is exploitable via a Man in the Middle or a malicious server. **Recommendations** For versions prior to 3.12.0, update to version 3.12.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the IscheduleClient XML Parser to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** UML Designer versions prior to 8.0.0 **Description** The issue concerns a XML External Entity (XXE) vulnerability in the XML parser for plugins. This can lead to the disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning. The attack is exploitable via a malicious plugins.xml file. **Recommendations** For versions prior to 8.0.0, update to version 8.0.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** codelibs fess versions before commit faa265b **Description** The issue is related to a XML External Entity (XXE) vulnerability in the GSA XML file parser. This can lead to disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning. The attack is exploitable via specially crafted GSA XML files. **Recommendations** For versions before commit faa265b, update to a version after commit faa265b to resolve the issue. As a temporary workaround, consider restricting the use of the GSA XML file parser until a patch is available. Avoid using specially crafted GSA XML files in the affected parser until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MegaMek versions prior to 0.45.1 **Description** The issue in MegaMek can result in disclosure of confidential data, denial of service, SSRF, and remote code execution due to a vulnerability in the Object Stream Connection. **Recommendations** For versions prior to 0.45.1, update to version 0.45.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FrostWire versions prior to 6.7.4-build-272 **Description** The issue concerns a XML External Entity (XXE) vulnerability that can be exploited via a man-in-the-middle attack during the software update process. This can lead to the disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning. **Recommendations** For versions prior to 6.7.4-build-272, update to a version newer than 6.7.4-build-272 to resolve the issue. As a temporary workaround, consider restricting access to the update mechanism to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ubilling versions prior to 0.9.3 **Description** The issue concerns a user-controlled parameter that can lead to disclosure of confidential data, denial of service, SSRF, and remote code execution. **Recommendations** For Ubilling versions prior to 0.9.3, update to version 0.9.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MicroMathematics versions prior to commit 5c05ac8 **Description** The issue concerns a XML External Entity (XXE) vulnerability in SMathStudio files, which can lead to the disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning. This can be exploited through specially crafted SMathStudio files. **Recommendations** For versions prior to commit 5c05ac8, update to a version after commit 5c05ac8 to resolve the issue. As a temporary workaround, consider restricting the use of SMathStudio files until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Anyplace versions prior to commit 80359b4 **Description** The issue is related to a XML External Entity (XXE) vulnerability in the Man in the middle on map API call. This can lead to the disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning. **Recommendations** For versions prior to commit 80359b4, update to a version after commit 80359b4 to resolve the issue. As a temporary workaround, consider restricting access to the map API call to minimize the risk of exploitation.