Lucene search
K

187 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/23 12:0 a.m.26 views

JVN#01434915: Improper restriction of XML external entity references (XXE) in "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)"

"Electronic Delivery Check System Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version" provided by Ministry of Agriculture, Forestry and Fisheries improperly restricts XML external entity references XXE CWE-611. Impact Processing a specially craft...

5.5CVSS5.3AI score0.00214EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/23 12:0 a.m.22 views

JVN#40049211: Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense

Electronic Deliverables Creation Support Tool provided by Ministry of Defense improperly restricts XML external entity references XXE CWE-611. Impact Processing a specially crafted XML file may lead to exposure of internal files on the system. Solution Update the Software Update the software to t...

5.5CVSS5.3AI score0.00195EPSS
Exploits0
OSV
OSV
added 2023/12/11 2:15 p.m.3 views

CVE-2023-6194

In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition DTD references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to...

7.1CVSS5.8AI score0.00306EPSS
Exploits1References3
OSV
OSV
added 2023/12/11 2:15 p.m.16 views

UBUNTU-CVE-2023-6194

In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition DTD references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to...

7.1CVSS5.8AI score0.00306EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/11/06 1:25 a.m.24 views

CVE-2023-46802

e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references XXE due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...

5.7AI score0.00195EPSS
Exploits0References2
OSV
OSV
added 2023/08/21 9:30 a.m.11 views

GHSA-2JC4-R94C-RP7H Apache Ivy External Entity Reference vulnerability

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

8.8CVSS7.3AI score0.01855EPSS
Exploits0References8
NVD
NVD
added 2023/07/25 4:15 a.m.10 views

CVE-2023-32639

Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...

5.5CVSS5.6AI score0.00195EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/07/24 12:0 a.m.24 views

JVN#37857022: Improper restriction of XML external entity references (XXE) in Applicant Programme

Applicant Programme provided by The Ministry of Justice improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. Solution Update the Software Update the software to the latest...

5.5CVSS5.4AI score0.00195EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/05/09 12:0 a.m.5 views

PT-2023-2955 · Unknown · Opc Factory Server

Name of the Vulnerable Software and Affected Versions: OPC Factory Server affected versions not specified Description: The issue is related to improper restriction of XML external entity references, which could allow a remote attacker to gain unauthorized read access to the file system. This can...

5.5CVSS5.3AI score0.0017EPSS
Exploits0References5
NVD
NVD
added 2023/04/11 9:15 a.m.23 views

CVE-2023-25955

National land numerical information data conversion tool all versions improperly restricts XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker...

5.5CVSS5.5AI score0.00226EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.5 views

SUSE CVE-2009-1955

The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...

7.5CVSS8.7AI score0.52988EPSS
Exploits2References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.5 views

SUSE CVE-2014-3660

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted XML document containing a large number of nested entity references, a...

5CVSS6.7AI score0.03988EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:20 a.m.3 views

SUSE CVE-2015-2942

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service CPU and memory consumption via a large number of nested entity references in an 1 SVG file or 2 XMP metadata in a PDF file, aka a "billion laughs attack," ...

7.1CVSS6.6AI score0.02834EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:4 a.m.4 views

SUSE CVE-2016-3705

The 1 xmlParserEntityCheck and 2 xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service stack consumption and application crash via a crafted XML document containing a...

7.5CVSS8.9AI score0.05103EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:37 a.m.7 views

SUSE CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8CVSS8.7AI score0.04278EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/01/09 12:0 a.m.5 views

Talend Open Studio for MDM 代码问题漏洞

Talend Open Studio for MDM is an open source software from Talend Open Source. It provides master data management, data management, integration and data quality in a single platform. A code issue vulnerability exists in Talend Open Studio for MDM that stems from unknown code in the component XML...

9.8CVSS6.3AI score0.00669EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/12/29 12:0 a.m.3 views

code-validator-api 代码问题漏洞

code-validator-api is an open source library of source code for vocabulary validator APIs and services from the Office of the National Coordinator for Health IT. A code-validator-api vulnerability exists in versions prior to 1.0.30. An attacker exploited this vulnerability to cause xml external...

9.8CVSS6.7AI score0.00716EPSS
Exploits0References6
NVD
NVD
added 2022/08/26 6:15 p.m.13 views

CVE-2022-0217

It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs CWE-776. In addition, depending on the libexpa...

7.5CVSS0.04563EPSS
Exploits1References3
OSV
OSV
added 2022/08/26 6:15 p.m.6 views

CVE-2022-0217

It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs CWE-776. In addition, depending on the libexpa...

7.5CVSS7.4AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/08/26 6:15 p.m.41 views

CVE-2022-0217

It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs CWE-776. In addition, depending on the libexpa...

7.5CVSS7.1AI score0.04563EPSS
Exploits1References3
Rows per page
Query Builder