187 matches found
JVN#01434915: Improper restriction of XML external entity references (XXE) in "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)"
"Electronic Delivery Check System Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version" provided by Ministry of Agriculture, Forestry and Fisheries improperly restricts XML external entity references XXE CWE-611. Impact Processing a specially craft...
JVN#40049211: Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense
Electronic Deliverables Creation Support Tool provided by Ministry of Defense improperly restricts XML external entity references XXE CWE-611. Impact Processing a specially crafted XML file may lead to exposure of internal files on the system. Solution Update the Software Update the software to t...
CVE-2023-6194
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition DTD references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to...
UBUNTU-CVE-2023-6194
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition DTD references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to...
CVE-2023-46802
e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references XXE due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...
GHSA-2JC4-R94C-RP7H Apache Ivy External Entity Reference vulnerability
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
CVE-2023-32639
Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...
JVN#37857022: Improper restriction of XML external entity references (XXE) in Applicant Programme
Applicant Programme provided by The Ministry of Justice improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. Solution Update the Software Update the software to the latest...
PT-2023-2955 · Unknown · Opc Factory Server
Name of the Vulnerable Software and Affected Versions: OPC Factory Server affected versions not specified Description: The issue is related to improper restriction of XML external entity references, which could allow a remote attacker to gain unauthorized read access to the file system. This can...
CVE-2023-25955
National land numerical information data conversion tool all versions improperly restricts XML external entity references XXE. By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker...
SUSE CVE-2009-1955
The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...
SUSE CVE-2014-3660
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted XML document containing a large number of nested entity references, a...
SUSE CVE-2015-2942
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service CPU and memory consumption via a large number of nested entity references in an 1 SVG file or 2 XMP metadata in a PDF file, aka a "billion laughs attack," ...
SUSE CVE-2016-3705
The 1 xmlParserEntityCheck and 2 xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service stack consumption and application crash via a crafted XML document containing a...
SUSE CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...
Talend Open Studio for MDM 代码问题漏洞
Talend Open Studio for MDM is an open source software from Talend Open Source. It provides master data management, data management, integration and data quality in a single platform. A code issue vulnerability exists in Talend Open Studio for MDM that stems from unknown code in the component XML...
code-validator-api 代码问题漏洞
code-validator-api is an open source library of source code for vocabulary validator APIs and services from the Office of the National Coordinator for Health IT. A code-validator-api vulnerability exists in versions prior to 1.0.30. An attacker exploited this vulnerability to cause xml external...
CVE-2022-0217
It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs CWE-776. In addition, depending on the libexpa...
CVE-2022-0217
It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs CWE-776. In addition, depending on the libexpa...
CVE-2022-0217
It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs CWE-776. In addition, depending on the libexpa...