Lucene search
K

91 matches found

Snyk
Snyk
added 2025/05/21 9:31 p.m.5 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the ManifestParser and AmazonS3 classes which use a SAXParser to parse XML files without properly configuring it to disable external entity processing. An attacker can access sensitive information o...

6.8CVSS7.5AI score0.0104EPSS
Exploits1References2
F5 Networks
F5 Networks
added 2025/05/09 4:1 p.m.19 views

K000151254: libxml2 vulnerability CVE-2024-40896

Security Advisory Description In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible. CVE-2024-40896...

9.1CVSS7AI score0.01192EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/12/28 8:0 a.m.5 views

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.

...

9.1CVSS6.8AI score0.01192EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2024/12/24 5:23 a.m.6 views

CVE-2024-40896

A flaw was found in libxml2. In the affected versions of libxml2, the SAX parser can generate events for external entities, even if custom SAX handlers try to override entity content by setting it to "checked." This vulnerability allows classic XML External Entity XXE attacks. Mitigation Mitigati...

9.1CVSS6.8AI score0.01192EPSS
Exploits0References5
NVD
NVD
added 2024/12/23 5:15 p.m.10 views

CVE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS0.01192EPSS
Exploits0References3
OSV
OSV
added 2024/12/23 5:15 p.m.8 views

UBUNTU-CVE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS6.9AI score0.01192EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/23 12:0 a.m.24 views

CVE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

0.01192EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/23 12:0 a.m.7 views

CVE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.2AI score0.01192EPSS
Exploits0References2
OSV
OSV
added 2024/12/23 12:0 a.m.18 views

CVE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS7AI score0.01192EPSS
Exploits0References5
CVE
CVE
added 2024/12/23 12:0 a.m.1397 views

CVE-2024-40896

CVE-2024-40896 affects libxml2 prior to 2.11.9, 2.12 prior to 2.12.9, and 2.13 prior to 2.13.3. The SAX parser can emit events for external entities even when custom SAX handlers try to override content (via checked), enabling classic XXE attacks. Connected sources reiterate the same vulnerabilit...

9.1CVSS6.5AI score0.01192EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2024/12/23 12:0 a.m.5 views

CVE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

9.1CVSS8.1AI score0.01192EPSS
Exploits0References3
OSV
OSV
added 2024/11/05 3:39 a.m.5 views

USN-7091-1 ruby3.0, ruby3.2, ruby3.3 vulnerabilities

It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected in Ubuntu 22.04 LTS and Ubuntu 24....

8.7CVSS6.6AI score0.02064EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/09/18 9:15 p.m.6 views

rexml: DoS vulnerability in REXML

A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service DoS when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser API like REXML::Document.new, other parser APIs such as stream parser API and SAX2...

5.9CVSS5.7AI score0.01205EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/09/16 6:8 p.m.7 views

rexml: DoS vulnerability in REXML

A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service DoS when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser API like REXML::Document.new, other parser APIs such as stream parser API and SAX2...

5.9CVSS5.7AI score0.01205EPSS
Exploits0References6
Snyk
Snyk
added 2024/08/01 2:42 p.m.1 views

Uncontrolled Resource Consumption ('Resource Exhaustion')

Overview rexml is an An XML toolkit for Ruby. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption 'Resource Exhaustion' via the SAX2 or pull parser API. An attacker can cause the application to consume excessive resources leading to a denial of service by...

7.5CVSS6.9AI score0.01192EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/05 12:0 a.m.5 views

PT-2024-6222

Name of the Vulnerable Software and Affected Versions libxml2 versions 2.11 through 2.11.8 libxml2 versions 2.12 through 2.12.8 libxml2 versions 2.13 through 2.13.2 Description The issue is related to the SAX parser in libxml2, which can produce events for external entities even if custom SAX...

9.4CVSS7.7AI score0.01192EPSS
Exploits0References52
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.14 views

Fedora: Security Advisory for pentaho-libxml (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02557EPSS
Exploits3References2
Fedora
Fedora
added 2024/03/07 10:33 p.m.19 views

[SECURITY] Fedora 40 Update: pentaho-libxml-1.1.3-42.fc40

Pentaho LibXML is a namespace aware SAX-Parser utility library. It eases the pain of implementing non-trivial SAX input handlers...

8.8CVSS6.9AI score0.02557EPSS
Exploits3
OSV
OSV
added 2023/10/19 10:15 p.m.4 views

UBUNTU-CVE-2023-45818

TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...

6.1CVSS5.6AI score0.0062EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:29 a.m.3 views

SUSE CVE-2014-3004

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...

4.3CVSS8.3AI score0.07794EPSS
Exploits3References3
Rows per page
Query Builder