Lucene search

12 matches found

AlmaLinux
added 2025/04/15 12:0 a.m. | 15 views

Moderate: expat security update

Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat (CVE-2024-8176). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to th...

CVSS 7.5 | AI score 6.9 | EPSS 0.01569
Exploits: 0 | References: 4
Cvelist
added 2024/12/10 12:12 a.m. | 23 views

CVE-2024-47582 XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA

Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint, which leads to an XML Entity Expansion attack. This causes limited impact on availability of the application...

CVSS 5.3 | EPSS 0.00415
Exploits: 0 | References: 2
CNNVD
added 2023/08/25 12:0 a.m. | 3 views

YamlBeans Code Issue Vulnerability

YamlBeans is an open source library from Esoteric Software. It makes it easy to work with Java object graphs in YAML. A security vulnerability exists in Esoteric Software YamlBeans 1.15 and earlier versions, which stems from the ability of a carefully crafted YAML document to perform an XML entity expansion...

CVSS 5.5 | AI score 5.6 | EPSS 0.00358
Exploits: 1 | References: 4
OSV
added 2021/07/11 8:53 a.m. | 8 views

OPENSUSE-SU-2021:1876-1 Security update for snakeyaml

This update for snakeyaml fixes the following issues:
- Upgrade to 1.28
- CVE-2017-18640: The Alias feature allows entity expansion during a load operation (bsc1159488, bsc1186088)...

CVSS 7.5 | AI score 7.4 | EPSS 0.26723
Exploits: 1 | References: 4
OSV
added 2021/06/15 11:6 a.m. | 6 views

SUSE-SU-2021:1979-1 Security update for snakeyaml

This update for snakeyaml fixes the following issues:
- Upgrade to 1.28
- CVE-2017-18640: The Alias feature allows entity expansion during a load operation (bsc1159488, bsc1186088)...

CVSS 7.5 | AI score 7.5 | EPSS 0.26723
Exploits: 1 | References: 4
OSV
added 2021/06/07 12:1 p.m. | 9 views

SUSE-SU-2021:1876-1 Security update for snakeyaml

This update for snakeyaml fixes the following issues:
- Upgrade to 1.28
- CVE-2017-18640: The Alias feature allows entity expansion during a load operation (bsc1159488, bsc1186088)...

CVSS 7.5 | AI score 7.5 | EPSS 0.26723
Exploits: 1 | References: 4
Tenable Nessus
added 2021/02/01 12:0 a.m. | 38 views

CentOS 8 : qt5-qtbase and qt5-qtwebsockets (CESA-2020:4690)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4690 advisory.
- qt: XML entity expansion vulnerability (CVE-2015-9541)
- qt5-qtwebsockets: websocket implementation allows only limited size for frames and messages...

CVSS 8.6 | AI score 7 | EPSS 0.03012
Exploits: 3 | References: 6
RedhatCVE
added 2018/09/24 8:51 p.m. | 33 views

CVE-2018-11761

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack...

CVSS 7.5 | AI score 4.2 | EPSS 0.09635
Exploits: 0 | References: 2
CNVD
added 2015/03/19 12:0 a.m. | 1 views

IBM Rational DOORS Next Generation and Rational Requirements Composer Denial of Service Vulnerabilities

IBM Rational DOORS Next Generation and Rational Requirements Composer are both requirements management solutions from IBM USA. The solutions are primarily used to define, manage, and report on requirements throughout the project lifecycle. A security vulnerability exists in the XML parser of IBM...

CVSS 7.8 | AI score 6.8 | EPSS 0.01328
Exploits: 0 | References: 1
ATTACKERKB
added 2013/10/09 2:53 p.m. | 4 views

CVE-2013-3860

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity Expansion Vulnerability."...

CVSS 7.8 | AI score 5.6 | EPSS 0.31646
Exploits: 0 | References: 4
Prion
added 2013/10/09 2:53 p.m. | 20 views

Design/Logic Flaw

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity Expansion Vulnerability."...

CVSS 7.8 | AI score 7 | EPSS 0.31646
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2013/10/09 2:44 p.m. | 32 views

CVE-2013-3860

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity Expansion Vulnerability."...

AI score 6.4 | EPSS 0.31646
Exploits: 0 | References: 3