Lucene search
K

47 matches found

nvd
nvd
added 2015/08/14 6:59 p.m.22 views

CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service memory consumption via crafted XML data, related to an XML Entity Expansion XEE attack...

5CVSS7AI score0.0634EPSS
Exploits0References24
debiancve
debiancve
added 2015/08/14 6:0 p.m.32 views

CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service memory consumption via crafted XML data, related to an XML Entity Expansion XEE attack...

5CVSS7.7AI score0.0634EPSS
Exploits0
openvas
openvas
added 2015/07/01 12:0 a.m.25 views

Debian Security Advisory DSA 3298-1 (jackrabbit - security update)

It was discovered that the Jackrabbit WebDAV bundle was susceptible to a XXE/XEE attack. When processing a WebDAV request body containing XML, the XML parser could be instructed to read content from network resources accessible to the host, identified by URI schemes such as https or file. Dependi...

6.4CVSS0.51488EPSS
Exploits6References1
cve
cve
added 2015/06/08 2:0 p.m.45 views

CVE-2015-3000

SysAid Help Desk before 15.2 is affected by an XML Entity Expansion (XEE) vulnerability that can be triggered via requests to /agententry, /rdsmonitoringresponse, or /androidactions, allowing denial of service through large nested entity references. Root cause is improper handling of XML entities...

7.8CVSS6.6AI score0.08033EPSS
Exploits4References5Affected Software1
cvelist
cvelist
added 2014/12/19 3:0 p.m.38 views

CVE-2014-8875

The XMLRPCcd function in lib/pear/XML/RPC.php in Revive Adserver before 3.0.6 allows remote attackers to cause a denial of service CPU and memory consumption via a crafted XML-RPC request, aka an XML Entity Expansion XEE attack...

6.4AI score0.02564EPSS
Exploits1References4
cve
cve
added 2014/12/19 3:0 p.m.52 views

CVE-2014-8875

Revive Adserver is affected by CVE-2014-8875 due to an XML Entity Expansion (XEE) vulnerability in the XML_RPC_cd function of lib/pear/XML/RPC.php. The advisory details that the Revive Adserver XML-RPC endpoints (delivery/XMLRPC and API endpoints) may be exploited by crafted XML payloads to exhau...

5CVSS6.5AI score0.02564EPSS
Exploits1References4Affected Software1
nvd
nvd
added 2014/11/21 3:59 p.m.24 views

CVE-2014-8090

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...

5CVSS6.6AI score0.056EPSS
Exploits1References20
cve
cve
added 2014/11/16 12:0 a.m.80 views

CVE-2014-2683

CVE-2014-2683 affects Zend Framework components (ZF1 < 1.12.4; ZF2 < 2.1.6,

5CVSS9.1AI score0.02372EPSS
Exploits0References6Affected Software1
cvelist
cvelist
added 2014/11/16 12:0 a.m.31 views

CVE-2014-2683

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

9.3AI score0.02372EPSS
Exploits0References6
ubuntucve
ubuntucve
added 2014/11/14 12:0 a.m.28 views

CVE-2014-8090

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...

5CVSS6.8AI score0.056EPSS
Exploits1References3
rubygems
rubygems
added 2014/10/27 12:0 a.m.32 views

CVE-2014-8080 ruby: REXML billion laughs attack via parameter entity expansion

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack...

5CVSS6.1AI score0.05538EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2014/10/06 11:55 p.m.24 views

CVE-2014-1868

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion XEE attack...

5CVSS6.5AI score0.01336EPSS
Exploits0References3
prion
prion
added 2014/10/06 11:55 p.m.23 views

Design/Logic Flaw

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion XEE attack...

5CVSS7AI score0.01336EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2014/10/06 11:0 p.m.26 views

CVE-2014-1868

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion XEE attack...

6.5AI score0.01336EPSS
Exploits0References3
cve
cve
added 2014/10/06 11:0 p.m.66 views

CVE-2014-1868

The affected software is Restlet Framework, specifically version 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1. The root cause is processing XML with XMLRepresentation or XML serializers that allows an XML Entity Expansion (XEE) attack, leading to denial of service. No exploit details are provided....

5CVSS6.7AI score0.01336EPSS
Exploits0References3Affected Software1
friendsofphp
friendsofphp
added 2014/02/26 4:2 p.m.14 views

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

7.2AI score
Exploits0Affected Software1
cve
cve
added 2013/09/16 7:0 p.m.85 views

CVE-2013-4202

OpenStack Cinder (Grizzly, 2013.1.3 and earlier) backs up (api/contrib/backups.py) and volume_transfer (contrib/volume_transfer.py) APIs are vulnerable to XML Entity Expansion (XEE) leading to remote DoS (resource consumption and crash). Root cause is an incomplete fix for CVE-2013-1664 in the XM...

4.3CVSS6.4AI score0.02604EPSS
Exploits0References3Affected Software1
debiancve
debiancve
added 2013/09/16 7:0 p.m.63 views

CVE-2013-4202

The 1 backup api/contrib/backups.py and 2 volume transfer contrib/volumetransfer.py APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an...

4.3CVSS9.3AI score0.02604EPSS
Exploits0
nvd
nvd
added 2013/04/09 9:55 p.m.26 views

CVE-2013-1821

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack...

5CVSS7.9AI score0.06671EPSS
Exploits0References23
prion
prion
added 2013/04/09 9:55 p.m.24 views

Design/Logic Flaw

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack...

5CVSS6.9AI score0.06671EPSS
Exploits0References23Affected Software1
Rows per page
Query Builder