134 matches found

ATTACKERKB
added 2022/08/16 10:15 a.m. | 2 views

CVE-2022-2838

In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests...

CVSS 5.3 | AI score 6.2 | EPSS 0.00206
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2022/07/27 8:20 p.m. | 108 views

CVE-2021-42537

CVE-2021-42537 affects VISAM VBASE Editor (and VBASE 11.6.0.6) where processing XML documents can embed external-entity references, leading to output containing incorrect documents. The issue is tied to improper restriction of XML external entity references (CWE-611) in VISAM VBASE Editor 11.6.0....

CVSS 7.5 | AI score 6.7 | EPSS 0.00189
Exploits: 0 | References: 1 | Affected Software: 1

Github Security Blog
added 2022/05/13 1:31 a.m. | 18 views

XXE vulnerability in Jenkins Job Import Plugin

An XML external entity (XXE) processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server Jenkins queried in preparation of job import to rea...

CVSS 9.1 | AI score 3.9 | EPSS 0.0011
Exploits: 0 | References: 3 | Affected Software: 1

Zero Day Initiative
added 2022/04/28 12:0 a.m. | 17 views

(0Day) Delta Industrial Automation DRAS DSCP Scope File Parsing XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DRAS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 5.5 | AI score 2.5
Exploits: 0

Zero Day Initiative
added 2022/04/05 12:0 a.m. | 18 views

Schneider Electric SCADAPack Workbench isasln File Parsing XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Schneider Electric SCADAPack Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVSS 5.5 | AI score 2.6 | EPSS 0.0023
Exploits: 0 | References: 1

OpenVAS
added 2022/01/04 12:0 a.m. | 12 views

SUSE: Security Advisory (SUSE-SU-2018:2899-1)

The remote host is missing an update for the...

CVSS 9.8 | AI score 8.9 | EPSS 0.0051
Exploits: 0 | References: 2

Zero Day Initiative
added 2021/11/16 12:0 a.m. | 21 views

Jenkins pom2config XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Jenkins pom2config. Authentication is required to exploit this vulnerability. The specific flaw exists within the Pom2Config class. Due to the improper restriction of XML External Entity (XXE)...

CVSS 6.5 | AI score 5.9 | EPSS 0.00275
Exploits: 0 | References: 1

Zero Day Initiative
added 2021/04/22 12:0 a.m. | 18 views

Oracle OSS Support Tools Diagnostic Assistant XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle OSS Support Tools. Authentication is required to exploit this vulnerability. The specific flaw exists within the Diagnostic Assistant component. Due to the improper restriction of XML...

CVSS 4.9 | AI score 3.3 | EPSS 0.00838
Exploits: 0 | References: 1

CNVD
added 2021/03/05 12:0 a.m. | 7 views

Micro Focus Solutions Business Manager Code Issue Vulnerability

Micro Focus Solutions Business Manager (SBM, Serena Business Manager) is a suite of business process automation management solutions from Micro Focus UK. The product is mainly used for process automation, including software development lifecycle and IT business process management. A security...

CVSS 8 | AI score 7 | EPSS 0.00109
Exploits: 0 | References: 1

NVD
added 2021/02/26 4:15 a.m. | 10 views

CVE-2019-18943

Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations...

CVSS 8 | EPSS 0.00109
Exploits: 0 | References: 1

Prion
added 2021/02/26 4:15 a.m. | 9 views

Xxe

Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations...

CVSS 5.2 | AI score 7.8 | EPSS 0.00109
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/02/26 3:32 a.m. | 14 views

CVE-2019-18943 XML External Entity processing

Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations...

CVSS 6.1 | AI score 7.8 | EPSS 0.00109
Exploits: 0 | References: 1

CNNVD
added 2021/02/25 12:0 a.m. | 2 views

Micro Focus Solutions Business Manager Code Issue Vulnerability

Micro Focus Solutions Business Manager (SBM, Serena Business Manager) is a suite of business process automation management solutions from Micro Focus UK. The product is mainly used for process automation, including software development lifecycle and IT business process management. A security...

CVSS 8 | AI score 7.2 | EPSS 0.00109
Exploits: 0 | References: 2

NVD
added 2020/11/09 11:15 p.m. | 10 views

CVE-2020-27017

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to...

CVSS 4.9 | AI score 5 | EPSS 0.00998
Exploits: 2 | References: 2

CVE
added 2020/11/09 11:10 p.m. | 36 views

CVE-2020-27017

Trend Micro IMSVA 9.1 is affected by an XML External Entity Processing (XXE) vulnerability (CVE-2020-27017). An authenticated administrator/root can read arbitrary local files. Root cause involves XML data handling in IMSVA’s Java components. Impact is partial confidentiality (per CVSS) with no i...

CVSS 4.9 | AI score 4.9 | EPSS 0.00998
Exploits: 2 | References: 2 | Affected Software: 1

OSV
added 2020/10/22 9:15 p.m. | 0 views

CVE-2020-25186

An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/10/22 12:0 a.m. | 23 views

WECON LeviStudioU XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 5.5 | AI score 2.2 | EPSS 0.00216
Exploits: 0 | References: 1

Veeam
added 2020/07/07 12:0 a.m. | 18 views

Veeam ONE XML External Entity Processing vulnerabilities

Challenge: XML External Entity Processing vulnerabilities in Veeam ONE Reporter make it possible to read arbitrary files without authentication. Severity: critical. CVSS v3 score: 7.5. Cause: Veeam ONE Reporter uses XML files for importing and exporting report templates. A remote attacker may send...

CVSS 7.8 | AI score 7.8 | EPSS 0.27312
Exploits: 0

Source Incite
added 2020/04/23 12:0 a.m. | 31 views

SRC-2020-0031 : Microsoft Exchange Server EWS RouteComplaint ParseComplaintData XML External Entity Processing Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of RouteComplaint SOAP requests to the EWS service...

CVSS 8.4 | AI score 7.3 | EPSS 0.28003
Exploits: 1

Prion
added 2020/02/14 5:15 p.m. | 11 views

Xxe

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure...

CVSS 4.3 | AI score 5.7 | EPSS 0.00252
Exploits: 0 | References: 1 | Affected Software: 1