346 matches found
Xxe
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference...
CVE-2022-43941
CVE-2022-43941 affects Hitachi Vantara Pentaho Business Analytics Server prior to 9.4.0.1 and 9.3.0.2 (including 8.3.x). The issue is that the Post Analysis service endpoint of the data access plugin does not properly protect against XML External Entity (XXE) references, a root-cause that can lea...
Xxe
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...
CVE-2018-25082 zwczou WeChat SDK Python to_xml xml external entity reference
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...
CVE-2018-25082 zwczou WeChat SDK Python to_xml xml external entity reference
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...
XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference
Impact Any user with edit rights on a document can trigger a XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. Example to reproduce: Create a forget XAR file and inside it, have the following package.xml content: xml Helper pages...
CVE-2015-10082
A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plistfromxml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The patch is named c086cb139af7c82845f6d565e636073ff4b37440. It ...
Xxe
A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plistfromxml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The patch is named c086cb139af7c82845f6d565e636073ff4b37440. It ...
CVE-2016-15026
A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The pat...
CVE-2016-15026 3breadt dd-plist xml external entity reference
A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The pat...
CVE-2016-15026
CVE-2016-15026 affects 3breadt dd-plist version 1.17 with an XML External Entity (XXE) handling flaw in the XML parser. The issue can be leveraged by a local attacker to read arbitrary files on the server by supplying specially crafted XML content. A fix is available in dd-plist 1.18, with the pa...
java-xmlbuilder vulnerable to XML External Entity Reference
A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is...
CVE-2014-125087
A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is...
CVE-2014-125087
CVE-2014-125087 affects java-xmlbuilder up to 1.1. The issue is an XML External Entity (XXE) reference in the XML parser handling, allowing potentially disclosure of sensitive files. A fix is available in version 1.2, with patch name e6fddca201790abab4f2c274341c0bb8835c3e73. Upgrading the affecte...
CVE-2014-125087 java-xmlbuilder xml external entity reference
A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is...
JVN#00712821: Improper restriction of XML external entity reference (XXE) vulnerability in tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools
tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools provided by FUJITSU LIMITED contain an improper restriction of XML external entity reference XXE vulnerability CWE-611. Impact By reading a specially crafted XML file, arbitrary files which meet a certain condition may be...
CVE-2023-22322
Improper restriction of XML external entity reference XXE vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed...
CVE-2023-22322
Improper restriction of XML external entity reference XXE vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed...
Entity Browser - Moderately critical - Information Disclosure - SA-CONTRIB-2023-002
The Entity Browser module allows you to select entities from entity reference fields using a custom entity browser widget. Entity Browser does not properly check entity access in some circumstances. This may result in users with access to edit content seeing metadata about entities they are not...
libxml2: dict corruption caused by entity reference cycles
A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in logic errors, including memory errors like double free...