Lucene search
K

214 matches found

ICS
ICS
added 2020/03/10 12:0 a.m.56 views

Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Johnson Controls Equipment: Metasys Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability can allow a...

9.1CVSS8.4AI score0.01286EPSS
Exploits0References5
OSV
OSV
added 2020/02/04 10:37 p.m.17 views

GHSA-MGH8-HCWJ-H57V Improper Restriction of XML External Entity Reference in Apache Olingo

The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks...

5.5CVSS5.3AI score0.12245EPSS
Exploits5References8
ICS
ICS
added 2019/07/23 12:0 a.m.113 views

Mitsubishi Electric FR Configurator2

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low skill level to exploit Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric FR Configurator2 Vulnerabilities: Improper Restriction of XML External Entity Reference, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation...

7.1CVSS6AI score0.01019EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2019/07/05 9:7 p.m.31 views

Improper Restriction of XML External Entity Reference in DiffPlug Spotless

In DiffPlug Spotless before 1.20.0 library and Maven plugin and before 3.20.0 Gradle plugin, the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a...

7.5CVSS0.9AI score0.01499EPSS
Exploits0References6Affected Software2
Veracode
Veracode
added 2019/01/15 8:54 a.m.35 views

XML External Entity (XXE) To Read Files

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...

5CVSS9.3AI score0.03213EPSS
Exploits0References36Affected Software4
GitLab Advisory Database
GitLab Advisory Database
added 2019/01/07 12:0 a.m.4 views

XML External Entity Reference in c3p0:c3p0

c3p0 allows XXE during initialization...

9.8CVSS7AI score0.04589EPSS
Exploits0References7
NVD
NVD
added 2018/12/24 4:29 p.m.15 views

CVE-2018-7837

An Improper Restriction of XML External Entity Reference 'XXE' vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its outp...

7.5CVSS8AI score0.01202EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2018/12/13 12:0 a.m.6 views

The vulnerability in the web interface of the Cisco Energy Management Suite, related to incorrect restrictions on XML references to external objects (XXE), allows an attacker to disclose or modify sensitive information.

The vulnerability in the web interface of the Cisco Energy Management Suite relates to incorrect restrictions on XML references to external objects XXE. Exploiting this vulnerability could allow an attacker to disclose or modify sensitive information...

7.5CVSS6.9AI score0.02008EPSS
Exploits1References3Affected Software1
ICS
ICS
added 2018/10/02 12:0 p.m.21 views

Philips iSite/IntelliSpace PACS Vulnerabilities (Update A)

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Philips Equipment: iSite and IntelliSpace PACS Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Code/Source Code...

9.2AI score
Exploits0References49
ICS
ICS
added 2017/08/30 12:0 a.m.42 views

Siemens OPC UA Protocol Stack Discovery Service (Update E)

CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation Vulnerability: Improper Restriction of XML External Entity Reference AFFECTED PRODUCTS Siemens...

8.2CVSS8.4AI score0.02904EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2017/07/10 12:0 a.m.36 views

SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:1813-1)

This update for libxml2 fixes the following issues: Security issues fixed : - CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID bsc1044337 - CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent bsc1024989 - CVE-2017-7375: Prevented an unwanted external entity reference...

10CVSS7.1AI score0.23694EPSS
Exploits0References13
OSV
OSV
added 2017/07/07 9:25 a.m.7 views

SUSE-SU-2017:1813-1 Security update for libxml2

This update for libxml2 fixes the following issues: Security issues fixed: CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID bsc1044337 CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent bsc1024989 CVE-2017-7375: Prevented an unwanted external entity reference bsc1044894...

10CVSS7.9AI score0.23694EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2017/07/07 12:0 a.m.41 views

openSUSE Security Update : libxml2 (openSUSE-2017-793)

This update for libxml2 fixes the following issues : Security issues fixed : - CVE-2017-7376: Increase buffer space for port in HTTP redirect support bsc1044887 - CVE-2017-7375: Prevent unwanted external entity reference bsc1044894 This update was imported from the SUSE:SLE-12-SP2:Update update...

10CVSS7AI score0.23694EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2017/05/01 12:0 a.m.2 views

PT-2023-10261 · Libplist +2 · Libplist +2

Name of the Vulnerable Software and Affected Versions: libplist version 1.12 Description: A problematic issue has been found in the XML Handler component of libplist, specifically affecting the plist from xml function in the src/xplist.c file. This issue leads to an xml external entity reference...

9.8CVSS6.2AI score0.03799EPSS
Exploits6References35
Rows per page
Query Builder