214 matches found
Johnson Controls Metasys
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Johnson Controls Equipment: Metasys Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability can allow a...
GHSA-MGH8-HCWJ-H57V Improper Restriction of XML External Entity Reference in Apache Olingo
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks...
Mitsubishi Electric FR Configurator2
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low skill level to exploit Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric FR Configurator2 Vulnerabilities: Improper Restriction of XML External Entity Reference, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation...
Improper Restriction of XML External Entity Reference in DiffPlug Spotless
In DiffPlug Spotless before 1.20.0 library and Maven plugin and before 3.20.0 Gradle plugin, the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a...
XML External Entity (XXE) To Read Files
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...
XML External Entity Reference in c3p0:c3p0
c3p0 allows XXE during initialization...
CVE-2018-7837
An Improper Restriction of XML External Entity Reference 'XXE' vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its outp...
The vulnerability in the web interface of the Cisco Energy Management Suite, related to incorrect restrictions on XML references to external objects (XXE), allows an attacker to disclose or modify sensitive information.
The vulnerability in the web interface of the Cisco Energy Management Suite relates to incorrect restrictions on XML references to external objects XXE. Exploiting this vulnerability could allow an attacker to disclose or modify sensitive information...
Philips iSite/IntelliSpace PACS Vulnerabilities (Update A)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Philips Equipment: iSite and IntelliSpace PACS Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Code/Source Code...
Siemens OPC UA Protocol Stack Discovery Service (Update E)
CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation Vulnerability: Improper Restriction of XML External Entity Reference AFFECTED PRODUCTS Siemens...
SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:1813-1)
This update for libxml2 fixes the following issues: Security issues fixed : - CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID bsc1044337 - CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent bsc1024989 - CVE-2017-7375: Prevented an unwanted external entity reference...
SUSE-SU-2017:1813-1 Security update for libxml2
This update for libxml2 fixes the following issues: Security issues fixed: CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID bsc1044337 CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent bsc1024989 CVE-2017-7375: Prevented an unwanted external entity reference bsc1044894...
openSUSE Security Update : libxml2 (openSUSE-2017-793)
This update for libxml2 fixes the following issues : Security issues fixed : - CVE-2017-7376: Increase buffer space for port in HTTP redirect support bsc1044887 - CVE-2017-7375: Prevent unwanted external entity reference bsc1044894 This update was imported from the SUSE:SLE-12-SP2:Update update...
PT-2023-10261 · Libplist +2 · Libplist +2
Name of the Vulnerable Software and Affected Versions: libplist version 1.12 Description: A problematic issue has been found in the XML Handler component of libplist, specifically affecting the plist from xml function in the src/xplist.c file. This issue leads to an xml external entity reference...