Lucene search
K

98 matches found

RedHat Linux
RedHat Linux
added 2020/12/03 7:16 p.m.2 views

jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity XXE attacks. The highest threat from this vulnerability is data integrity...

7.5CVSS7.3AI score0.17611EPSS
Exploits0References5
NVD
NVD
added 2020/12/03 5:15 p.m.20 views

CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity XXE attacks. The highest threat from this vulnerability is data integrity...

7.5CVSS7.4AI score0.17611EPSS
Exploits0References71
RedHat Linux
RedHat Linux
added 2020/10/28 9:11 p.m.3 views

jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity XXE attacks. The highest threat from this vulnerability is data integrity...

7.5CVSS7.3AI score0.17611EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2020/10/13 8:16 p.m.63 views

CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity XXE attacks. The highest threat from this vulnerability is data integrity. Mitigation There is currently no known mitigation for this flaw...

7.5CVSS2.4AI score0.17611EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2020/04/15 4:17 p.m.45 views

Tencent Ups Top Bug-Bounty Award to $15K

The Tencent Security Response Center TSRC is launching an expanded bug-bounty program, via the HackerOne white-hat platform – and the company has increased its top reward to $15,000. Tencent, a China-based global internet service provider, is opening up its existing bug-bounty program to...

8.4AI score
Exploits0References7
RedhatCVE
RedhatCVE
added 2020/03/31 7:37 a.m.29 views

CVE-2020-2138

Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

7.1CVSS4.3AI score0.00926EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2020/03/09 12:0 a.m.4 views

PT-2020-15355 · Jenkins · Jenkins Rundeck Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Rundeck Plugin versions 3.6.6 and earlier Description: The issue allows a user with Overall/Read access to have Jenkins parse a crafted HTTP request with XML data that uses external entities for extraction of secrets from the Jenkins...

7.1CVSS6.8AI score0.01081EPSS
Exploits0References8
Cvelist
Cvelist
added 2020/02/12 2:35 p.m.23 views

CVE-2020-2115

Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity XXE attacks...

8.8AI score0.0115EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/02/12 12:0 a.m.10 views

PT-2020-15327 · Jenkins · Jenkins Fitnesse Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins FitNesse Plugin versions 1.30 and earlier Description: The issue allows a user who can control the input files for the post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the...

8.8CVSS8.5AI score0.0115EPSS
Exploits0References8
Veracode
Veracode
added 2019/06/14 3:53 a.m.14 views

Unsafe Deserialization

shopware/shopware is vulnerable to XML external entity attacks via unsafe deserialization. The sort parameter in the function loadPreviewAction in the ShopwareControllersBackendProductStream controller is not validated before PHP object instantiation is performed, which would allow an attacker to...

8.8CVSS6.6AI score0.54681EPSS
Exploits6References2Affected Software1
OSV
OSV
added 2019/01/04 7:9 p.m.1 views

GHSA-X2W5-5M2G-7H5M XML External Entity Reference (XXE) in jackson-databind

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity XXE attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization...

9.8CVSS7.1AI score0.07524EPSS
Exploits0References34
OSV
OSV
added 2019/01/02 6:29 p.m.1 views

DEBIAN-CVE-2018-14720

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity XXE attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization...

9.8CVSS7.1AI score0.07524EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/01/02 6:0 p.m.24 views

CVE-2018-14720

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity XXE attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization...

9.5AI score0.07524EPSS
Exploits0References32
OSV
OSV
added 2018/07/26 3:29 p.m.25 views

CVE-2017-7545

It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML...

6.5CVSS6.7AI score0.02756EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2018/02/24 2:0 a.m.26 views

CVE-2017-18197

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as demonstrated by /ServerView...

9.8CVSS9.4AI score0.02954EPSS
Exploits1
OSV
OSV
added 2018/01/03 3:50 p.m.17 views

MGASA-2018-0048 Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities

Use-after-free error could lead to crash CVE-2016-4658. Use-after-free vulnerability in libxml2 through 2.9.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function CVE-2016-5131. libxml2 2.9.4 and earli...

10CVSS7.7AI score0.23694EPSS
Exploits7References10
RedHat Linux
RedHat Linux
added 2017/12/12 5:40 p.m.51 views

Moderate: Red Hat Security Advisory: rh-java-common-lucene security update

An update for rh-java-common-lucene is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.2AI score0.91896EPSS
Exploits11References3
OSV
OSV
added 2017/11/17 2:29 p.m.17 views

CVE-2017-10889

TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity XXE attacks via unspecified vectors...

4.3CVSS6.7AI score
Exploits0References2
Broadcom
Broadcom
added 2017/11/17 12:0 a.m.9 views

BSA-2017-470

Security Advisory ID : BSA-2017-470 Component : Expand Entity References Revision : 1.0: Interim The 1 BasicParserPool, 2 StaticBasicParserPool, 3 XML Decrypter, and 4 SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote...

5CVSS9.1AI score0.02752EPSS
Exploits0
NVD
NVD
added 2017/11/08 4:29 p.m.28 views

CVE-2017-9096

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...

8.8CVSS8.5AI score0.09946EPSS
Exploits1References4
Rows per page
Query Builder